Mac Botnet Growing Rapidly

Friday, April 6, 2012 @ 12:04 PM gHale

Right now Java is the exploit of choice, as more than 600,000 Macs are suffering from a new version of the Flashback Trojan, researchers said.

Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants distribute via Java exploits that don’t require user interaction, said security researchers from Russian antivirus vendor Doctor Web.

RELATED STORIES
Apple Fixes Java Holes
Botnet Rises for Third Time
Microsoft Seizes Zeus Servers
Malware has Bots Acting as C&C Server

Apple released a Java update in order to address a critical vulnerability that’s exploiting Macs with Flashback.

Company researchers hijacked a part of the Flashback botnet through sinkholing, and counted unique identifiers belonging to more than 550,000 Mac OS X systems infected with the Trojan horse.

Over 300,000 of the Flashback-infected Macs, or 56 percent of the total, are in the United States, while over 100,000 are in Canada, Doctor Web said. The UK and Australia are next, with 68,000 and 32,000 infected Macs, respectively.

The botnet is growing at a rapid rate. Hours after Doctor Web issued its report, Ivan Sorokin, one of the company’s malware analysts said the botnet had grown to over 600,000 infected computers. He also said 274 Macs infected with the new Flashback variant were in Cupertino, CA – Apple’s headquarters.

Doctor Web recommended Mac users install the latest Java patch released by Apple, while other security companies went further, advising them to disable the Java plug-in in their browsers altogether if they don’t use Java-based Web applications. Uninstalling Java from the system completely is also an option if it is not required for other desktop applications.