New Mac virus exploits weaknesses in Apple ecosystem

Summary: The nightmare scenario for Mac owners is here. At least 600,000 Macs worldwide have been infected, silently, by the Flashback Trojan, with no user interaction required. Here’s why this is just the beginning of a long-term problem.

For Mac owners, the nightmare scenario finally arrived. A piece of malware called Flashback, which has been in existence and steadily evolving for at least seven months, has infected more than 600,000 Macs worldwide, based on forensic analysis by a Russian antivirus company.

Update 6-Apr 10:50 AM PDT: Researchers at Kaspersky Lab have independently confirmed the research of Dr. Web:

We reverse engineered the first domain generation algorithm and used the current date, 06.04.2012, to generate and register a domain name, “krymbrjasnof.com”. After domain registration, we were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots. Our logs indicate that a total of 600 000+ unique bots connected to our server in less than 24 hours. They used a total of 620 000+ external IP addresses. More than 50% of the bots connected from the United States.

[...]

More than 98% of incoming network packets were most likely sent from Mac OS X hosts.
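
The counting step described in the Kaspersky quote, as an added example (not Kaspersky's or Dr. Web's code): sinkhole requests are deduplicated by hardware UUID rather than by source IP, which is why the bot count and the IP count differ. The log layout, the pre-resolved country field, the sample lines and the `summarize` function are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sinkhole log: "<timestamp> <source IP> <country> <hardware UUID>".
# This layout is an assumption for the example, not Flashback's wire format.
SAMPLE_LOG = """\
2012-04-06T09:00:01Z 198.51.100.7 US 8F3C2A10-6B1D-5E4F-9A7B-0C1D2E3F4A5B
2012-04-06T09:00:05Z 198.51.100.7 US 1A2B3C4D-5E6F-5A7B-8C9D-0E1F2A3B4C5D
2012-04-06T09:03:44Z 203.0.113.20 CA 8F3C2A10-6B1D-5E4F-9A7B-0C1D2E3F4A5B
2012-04-06T09:10:12Z 192.0.2.55 DE 77777777-8888-5999-AAAA-BBBBBBBBBBBB
2012-04-06T09:11:30Z 192.0.2.56 DE 77777777-8888-5999-AAAA-BBBBBBBBBBBB
2012-04-06T09:12:00Z 192.0.2.99 GB not-a-uuid
"""

UUID_RE = re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$", re.I)

def summarize(log_text):
    """Count infected hosts by UUID; track IPs separately to show the skew."""
    ips_by_bot = defaultdict(set)   # UUID -> every source IP it was seen from
    country_by_bot = {}             # UUID -> country of its first request
    all_ips = set()
    rejected = 0
    for line in log_text.splitlines():
        fields = line.split()
        # Scanners and crawlers also hit a sinkhole; drop anything that does
        # not carry a well-formed UUID so it cannot inflate the bot count.
        if len(fields) != 4 or not UUID_RE.match(fields[3]):
            rejected += 1
            continue
        _, ip, country, uuid = fields
        uuid = uuid.upper()
        ips_by_bot[uuid].add(ip)
        all_ips.add(ip)
        country_by_bot.setdefault(uuid, country)
    bots = len(ips_by_bot)
    per_country = Counter(country_by_bot.values())
    return {
        "unique_bots": bots,
        "unique_ips": len(all_ips),
        # One host seen from several IPs (DHCP churn, laptops changing networks).
        "roaming_bots": sum(1 for ips in ips_by_bot.values() if len(ips) > 1),
        "rejected": rejected,
        "country_share": {c: n / bots for c, n in per_country.items()},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In the sample, two bots share one NAT address while two others each appear from two addresses, so counting by IP would both merge and double-count hosts; the UUID key avoids both errors.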

What makes this outbreak especially chilling is that the owners of infected Macs didn’t have to fall for social engineering, give away their administrative password, or do something stupid. All they had to do was visit a web page using a Mac that had a current version of Java installed.

I’m not surprised.