On April 4, Russian antivirus vendor Dr. Web published strong evidence that more than 500,000 Macs have been infected by the latest variant of the Flashback Trojan. As Mikko Hypponen, Chief Researcher at F-Secure, pointed out via Twitter, if there are roughly 45 million Macs out there, the Flashback Trojan would now have infected more than 1 percent of them, making Flashback roughly as common for Mac as Conficker was for Windows.

Flashback Trojan appears to be the most widespread Mac malware we’ve seen since the days when viruses were spread on infected floppy disks; it could be the single most significant malware infection to ever hit the Mac community.


Here’s what you need to know about Flashback, what you can do about it, and what it means for the future of Mac security.

What is Flashback Trojan?

Flashback is the name for a malicious software program discovered in September 2011 that tried to trick users into installing it by masquerading as an installer for Adobe Flash. (Antivirus vendor Intego believes Flashback was created by the same people behind the MacDefender attack that hit last year.) While the original version of Flashback and its initial variants relied on users to install them, this new form is what’s called in the security business a drive-by download: Rather than needing a user to install it, Flashback uses an unpatched Java vulnerability to install itself.

If you visit a malicious (or unwillingly infected) website hosting Flashback, the program attempts to display a specially crafted Java applet. (We don’t yet know how many websites host Flashback.) If you have a vulnerable version of Java installed and enabled in your Web browser, the malicious code will infect your system and then install a series of components. Since Apple did not release an update for that vulnerable version of Java until April 3rd, many users were and are still susceptible.

After initial infection, Flashback pops open a Software Update window to try to obtain your administrative password, but it does so only to embed itself more deeply into your Mac. Even if you aren’t fooled at this point, you are still infected.

Once it succeeds in infecting your Mac, Flashback inserts itself into Safari and (according to F-Secure) appears to harvest information from your Web browsing activities, including usernames and passwords. It then sends this information to command-and-control servers on the Internet.

The significant thing is that, unlike almost all other Mac malware we’ve seen, Flashback can insinuate itself into your system if you merely visit an infected webpage and are using vulnerable software. You do not need to enter your administrative password or to manually install anything.

Source: Macworld
