600,000+ Macs infected by Flashback Trojan, claims specialist

Despite Apple releasing a patch for Java, the Flashback Trojan has infected 600,000 Macs, according to reports. As a result, there are 600,000 Macs being remotely controlled by the growing Mac botnet, according to Russian antivirus company Dr. Web.

The majority of the botnet computers are located in the United States and Canada, according to Dr. Web. The company says: “This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.” (More below…)

According to Dr. Web, systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit.

“Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012,” writes Dr. Web on their website. More information about the Mac botnet is available here.

Apple released the patch a day after reports spread about a Java-based Trojan horse that could install itself on your Mac without requiring that you enter a password. Apple released Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, and if you haven’t yet installed it, you should.

Flashback is a Mac Trojan horse that’s been in the public eye since it was uncovered by security firm Intego last year. The recent update saw it gain the ability to infect your computer from little more than a visit to a website.

Originally, Flashback masqueraded as an installer for Adobe’s Flash Player – hence the name – but the malware has changed tacks at last once since then, instead pretending to be a Mac software update or a Java updater.