Computer giant Apple released a patch this week for its OS X 2012 and 10.6 operating systems about the same time a Russian security company claimed that up to 600,000 Mac computers around the world are being controlled by a piece of malware that sucks targeted computers into a “botnet,” or a makeshift network of computers controlled by cyber-criminals.

Most Mac users are not well-versed in the trials of cyber security, with many having been lulled into a false sense of safety because the Mac platform’s smaller market-share makes it a less favorable target for hackers. But security company Dr. Web said this week that Mac users are becoming more frequent targets for identity theft and other cyber crime, and that one new piece of malware in particular is becoming a grave concern.

Dr. Web used a tactic known as “sinkholing” to trick the criminal network into sending signals to computers at the company’s security center, where technicians were able to monitor the botnet and count how many computers were part of it. They later claimed to have detected over 600,000 Mac computers participating in the criminal enterprise thanks to a Java exploit called BackDoor.Flashback.39. Over four million websites contained links to the Flashback loader files, Dr. Web said. Those websites, knowingly or not, helped spread the malware through the users’ Internet browser, where it exploits a weakness in Java to install itself to users’ computers. Approximately 56 percent of the infected computers are in the U.S., they added.

While botnets are not unusual, news of the Mac botnet is due to the relatively small number of viruses and malware created specifically for Apple products. Word of the Flashback program, however, comes just a week after researchers discovered a different Trojan called MacControl, which gives cyber criminals complete control over a users computer.

The most amusing aspect of this story is the flamewar in the comments section.

  1. msbpodcast says:

    Sorry but this is so easily defeated that it doesn’t bear mentioning.

    Firstly, its a potential Safari exploit only. If you’re using Chrome or FireFox or Opera don’t worry.

    Secondly, its only there for as long as you’re on a page with the exploit installed.

    Thirdly, OS X doesn’t install any software outside a secure browser sandbox without popping up a dialog box asking if you requested <software package name> and if you really want it.

    Fourthly, the instructions for checking if you’ve got it and how to get rid of it are already on the web.

    This is a non-issue. (It ain’t Windows… 🙂 )

  2. Stan says:

    Not according to PCWorld

    “Security companies first discovered the Flashback trojan last September. At the time, the malware masqueraded as an update for Adobe Flash, but as of April, Flashback was infecting users who visited compromised Websites, without requiring a password for installation.”

    “”The Flashback malware has been very active in the wild, and can install with no user interaction, if Java is not patched,” the company says in a blog post.”

    “Over four million websites contained links to the Flashback loader files”

    As for your other two statements, they’re true for PC’s as well.

    • Chris Donahue says:

      At least with us using Windows, we are somewhat protected. We have Anti-Virus/Malware protection. Mac users usually have nothing.

      • peter_m says:

        That is so scarry and true. OSX machines do not run any kind of protection other then automatic OS updates… that can be dismissed… easily.

        Curious how many of these machines will stay infected…

  3. god says:

    B-b-but dr web is in the business of selling security software – surely he knows best.

  4. deowll says:

    It was on about 600,000 Macs before Apple did jack and Apple didn’t find it. Somebody else did. They have now done to patches relating to this.

    Apple needs to get rather more serious or Mac users are going to get burned badly. Security by obscurity only works when you are obscure and the mac isn’t that obscure any more.

  5. McCullough says:

    Confucius say…”Man who keep head in sand, eventually gets bite on ass.”

  6. flyingroach says:

    I had many university OSX users get “infected” by the fake alert last year. That varient required OK install and admin pwd

    This new one was short lived but timed well with the WordPress site compromise. This new exploit apparantly needs no user interaction or admin pwd. This makes the infection of this many OSX users easier to believe.

    True or not, many OSX users are just as bad as PC users. never

    -they never update adobe/flash/Java etc or reboot to allow some updates to apply.
    – never backup!!!!! Most OSX users tell me their Macs harddrives are better than those in windows machines! Well, often they are the same. That has little relevance at least use. Timemachine, crashplan etc.

    I often find that they ignore that timemachine alerts. Them that no backup has been done in a year. The drive is inches away unplugged

  7. moebeans says:

    The peak of botnets is still a couple years away. In 2014 when MS stops issuing security updates for XP is when the criminals will own the internet.

    Millions and millions of clueless computer users will not upgrade to Windows 7 or 8 and it won’t be but a matter of months before they are owned.

    What a PR nightmare that will be not to mention a huge looming security problem for the internet at large.


Bad Behavior has blocked 19385 access attempts in the last 7 days.