A RUSSIAN SECURITY FIRM says that it has stumbled upon a botnet that has hijacked an impressive 600,000 infected Mac computers.
The firm, called Dr Web, first said that it had found half a million infected computers but later upped the number in a tweeted message, where it added that some of the bots are in Cupertino.
In a blog post it said that it had studied the Trojan, called BackDoor.Flashback.39, and found it on over 550,000 machines. The firm found these around the world, with around 12 per cent of the haul in the UK, 19 per cent in Canada and over 50 per cent in the US.
"Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system," it said.
Infected web sites are listed by the firm and most of them are in the .ru domain for Russia. They range from some related to films through streaming television services to something called Gangstasparadise.
It added that it had heard from "sources" that there might be four million compromised web pages on a Google SERP and cases of infection when visiting dlink.com.
Apple has fixed the vulnerabilities in its most recent Mac OS X updates. You are, of course, advised to update your software.
Once onboard, the Trojan will search for files that it can use to install itself, then it will generate a list of control servers and send a notification of success to the bot herder. Dr Web said that over time it will send consecutive queries to control server addresses.
There is some debate about the figures in the security industry, and in a message on Twitter F-Secure's Mikko Hypponen linked to a report on the numbers with the rider, "We can't confirm or deny the figure."
@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland — Sorokin Ivan (@hexminer) April 4, 2012
This got a response from Dr Web's malware analyst Ivan Sorokin. "At this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland," he said.
The author of the newly linked report, Adrian Sanabria, recommends that the figures be disregarded until they can be independently verified. µ