The “Flashback” virus that originated on a series of WordPress blogs and went on to infect more than 600,000 Mac computers last month may have generated its creators thousands of dollars each day. According to antivirus software firm Symantec, the Flashback malware has been generating revenue for its authors by hijacking users’ ad clicks, and due to the widespread nature of the infection, the authors could have been generating up to $10,000 per day. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click,” the firm explained, adding that Google never receives the intended ad click. Symantec notes that ad-clicking Trojans are nothing new and a botnet of 25,000 infections could generate an author up to $450 per day.
Security firm Intego on Monday announced that it had discovered a new variant of the Flashback malware called Flashback.S that continues to use a Java vulnerability Apple has already patched. This variant requires no password to install, and it places its files into the user’s home folder in “~/Library/LaunchAgents/com.java.update.plist” and “~/.jupdate.” Once Flashback.S is installed, it will then delete all files and folders in “~/Library/Caches/Java/cache” in order to delete the applet from the infected Mac, and avoid detection. The virus is actively being distributed, although it will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.
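A check for the two Flashback.S files Intego names, written here as an added example and not taken from Intego or Apple. The function name `flashback_s_scan` and its output format are assumptions made for illustration, and the launch agent path is written without the stray space.

```shell
#!/bin/sh
# Added example: look for the Flashback.S artifacts reported by Intego
# in one user's home folder. Function name and output format are
# illustrative, not part of any vendor tool.
# Usage: flashback_s_scan [HOME_DIR]   (defaults to $HOME)
flashback_s_scan() {
    home_dir="${1:-$HOME}"
    hits=0

    # Files the variant is reported to place in the user's home folder.
    for rel in "Library/LaunchAgents/com.java.update.plist" ".jupdate"; do
        if [ -e "$home_dir/$rel" ] || [ -L "$home_dir/$rel" ]; then
            echo "FOUND $home_dir/$rel"
            hits=$((hits + 1))
        fi
    done

    # The variant empties the Java applet cache after installing. An empty
    # cache also occurs on clean machines, so it is reported as a note and
    # never counted as a hit.
    cache="$home_dir/Library/Caches/Java/cache"
    if [ -d "$cache" ] && [ -z "$(ls -A "$cache" 2>/dev/null)" ]; then
        echo "NOTE $cache is empty (weak hint only)"
    fi

    echo "HITS $hits"
}

# Scan the home folder given on the command line, or $HOME if none.
flashback_s_scan "$@"
```

A result of `HITS 0` means only that these two files are absent; other Flashback variants use different locations.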
Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running anti-virus software; however, Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below.
The “Flashback” virus discovered to have infected more than 600,000 Mac computers earlier this month originated on a series of WordPress blogs, security experts have determined. According to Alexander Gostev, head of the global research and analysis team at Kaspersky, the virus began as a trojan hidden within a fake Adobe software update. In March, however, the malware’s creators repackaged the virus in a “drive-by attack” that infected users’ Apple computers when they visited one of thousands of compromised WordPress blogs. “Tens of thousands of sites powered by WordPress were compromised,” Gostev wrote on Kaspersky’s SecureList blog. “How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.” Apple released a system update earlier this month that patched a Java vulnerability and removed most common iterations of the Flashback virus. As of the middle of last week, however, more than 140,000 Mac computers were still infected with the virus, which is capable of intercepting private data and transmitting it without a user’s knowledge.
Apple responded fairly quickly to news that more than 600,000 Mac computers were infected with a trojan virus called “Flashback.” One week after the massive botnet was discovered, Apple issued an update fixing the Java vulnerability that allowed Flashback to infect the machines, as well as a removal tool for affected machines. Despite the company’s efforts, Symantec stated on Tuesday evening that approximately 140,000 OS X PCs were still infected with the virus at that time. “The statistics from our sinkhole are showing declining numbers on a daily basis,” the company wrote on its blog. “However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case. Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.” Symantec offers its own Flashback removal tool separate from the one Apple made available in a system update on April 12th.
Apple on Thursday released a Java update for OS X that removes a number of common variants of the Flashback trojan virus. Discovered last week to have infected more than 600,000 Mac computers, Flashback is a trojan that is capable of intercepting sensitive data and transmitting it back to an attacker. Security experts at F-Secure published instructions on how to manually detect and remove the malware, but Apple’s new Java update will handle the process automatically. The update, Java for OS X Lion 2012-003, is available for download immediately from within Apple’s integrated OS X software update utility.
Apple on Friday issued a second software update to address a security flaw on its OS X operating system that has allowed a massive botnet to form. The update, “Java for OS X 2012-002,” is only available for desktop and laptop PCs running OS X Lion 10.7; Apple issued a similar update last week for both Lion and Snow Leopard, and the exploit was seemingly addressed properly the first time on the Snow Leopard OS. Russian anti-virus experts revealed earlier this week that the “Flashback” trojan virus had utilized a Java vulnerability to infect more than 600,000 Mac computers worldwide. The trojan is capable of intercepting sensitive data such as passwords and other personal information, and transmitting the data back to a host. A separate firm later published instructions detailing how to detect and remove the virus, and Apple’s new update should be the last step in protecting its systems from further attacks. Apple had not yet published details surrounding the new update on its website at the time of this writing.
The idea that Macs don’t get viruses is now officially a thing of the past. Of course Mac malware has been around for years, but now a massive botnet has been discovered that takes this relatively small issue and makes it a widespread problem. While hackers indeed target Windows PCs far more frequently, a trojan horse virus discovered earlier this year has reportedly now been found to affect more than half a million Mac computers worldwide. Russian anti-virus vendor Dr. Web has discovered that malware called “BackDoor.Flashback.39” is currently present on at least 600,000 Macs. The trojan has the capability to use a Java vulnerability to intercept passwords and other private data, and then transmit the information back to the person or group that deployed it. Apple has since patched the vulnerability, but security experts at F-Secure have published a simple guide to help Mac users determine whether or not they are infected, and then remove any malicious files from their computers that are tied to the Flashback trojan. A link to F-Secure’s guide can be found below.