Posted on 04/05/2012 8:45:23 AM PDT by null and void
An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet".
It says that more than half that number are in the US.
Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software.
Remote control
"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.
"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.
"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."
Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.
Update wait
Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.
The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.
Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.
"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.
Apple could not provide a statement at this time.
(Excerpt) Read more at bbc.co.uk ...
Others are starting to comment on the dearth of reports of infected Macs being seen on forums. They JUST AREN'T THERE!
Here is a website with a script that you can run that will easily check your Macs for the presence of the Flashback Trojan... no terminal and cutting and pasting of the commands:
Site with Flashback checking script
Just downloaded and run it from the script editor.
Granted, an infected computer appears to "check in" after infection -- that's the signature activity of a bot. So if the computers are doing that, it's a botnet, but a dormant one. I wonder, has anyone claimed yet to see it DO anything, like send spam or scareware (like Conficker), or claimed to find code in it that looks like it will do anything?
Meanwhile hysterical, inflammatory attack pieces like this are appearing:
Mac Malware Outbreak Is Bigger than 'Conficker' (PC World)
"To put the size of the threat in some perspective, the Flashback Trojan botnet is even bigger than the massive Conficker botnet relatively speaking." ... "Based on market share, the Flashback Trojan botnet is equivalent to a Windows botnet of nearly 8.5 million PCs. That makes it an even larger threat than Conficker"
"A malware attack such as this has even greater odds of success on Mac OS X than it does on a Windows system." ... "the Mac culture is conditioned to believe the OS is virtually invulnerable. Fewer users have any security software installed to protect their Mac OS X systems," ... "It doesn't help anything that Apple perpetuates the myth of invulnerability."
What a helpful article..... NOT!
And should this whole thing eventually be demonstrated to be a mistake or a fabrication from the anti-virus folks... will we see a retraction of these articles? Yeah, right.
How many were RINOs and MITTBOTS?
btw to my point I said liberal not Democrat. And I read a survey where liberals preferred Apple and Conservatives preferred Google. Looks like you are the one making up myths.
Sorry, dayglo. My brain must have been in a blender.
Not thinking very clearly these days.
Thanks, no problem. :) I hope things clear up for you.
Relatively speaking... RIGHT... and we can't even find an infected computer yet! This is all based on reports from links into an INTERCEPTED BOTNET control server that Doctor Web claims to have identified and somehow hijacked! Doctor Web now even claims the ability to take your UUID from your Mac, hook up to the Member UUID database in the hijacked Botnet control server wherever it is located, and check your computer against the database to see if it is registered as a member of the botnet! How is this possible? They have publicized this and the criminals have not CLOSED this door???
Several persons have reported that they have used the tools to show that their computers are completely clean, but Doctor Web reports they are members of the botnet. This is highly suspicious. One reported that he had just completed running the check script, found his four Macs clean of the Flashback Trojan (two of which were OSX Lion and did not even have JAVA installed on them, but checked just for thoroughness) and then ran all four UUIDs through Doctor Web's on-line Database checker and ALL FOUR were reported as being members of the BotNet!!!
This goes back to my suspicion that we are seeing a carpet bomb attack with someone spoofing the attacks using UUIDs generated in the range known to be OSX Macs. That matches not seeing large numbers of infected Macs showing up on the forums.
Of course, the damage in the public eye will have already been done, so they will still be paid their fee for "discovering" the problem.
Wanna bet on the spike in 3rd-party Anti-Virus-for-Mac in the past few days?
What? Me cynical? Moi???
Here's how cynical I am. I would bet -- if this turns out to be fake -- that if you could trace the money ALL the way back, it would start somewhere in Washington State.
But I'll withhold that bet until we see if this botnet is real or not. I really would hate to think that even Ballmer, desperate as he is these days, would stoop that low.
Well, according to Kaspersky, it's being used for "Click fraud"... what a waste. I simply don't believe it even exists. I am STILL not finding any credible Mac users reporting they are infected! None. Zero! Nada. Where are they? Where are the panicked users?????????
Why do you feel it is your personal responsibility to look out for those fools?
Same reason a person volunteers at a food bank I guess. Just helping my fellow man.
Denial is one of the many stages you will go through. The quicker you move to the next stage the quicker you can heal.
I’m sure if Apple thought this was fake they’d correct the record. They have said it was fake or a non-issue so it must be true.
Then maybe you should recognize that we Mac Addicts don't want to get clean, and let it go at that. I have never hunted for a Windows addict group and tried to get them to kick the bill.
Then kindly ignore my post. I’m just helping all those kind macbots that posted in Windows threads when a virus on XP was announced and instead of saying the logical stuff like get the latest version of Windows they said Macs can’t get malware. So I’m really helping those folks out by repaying the favor.
This has not even been the case when there were claimed proof-of-concept viruses announced that were NEVER even in the wild; there were people who thought they had them. This time NOTHING except a few obvious trolls who don't even know how to spell Mac or claim they spent three grand for their now infected iMac.
Well I bet even if you do see that you’d dismiss it just like null and void’s issue.
I’m sure if this was a fabrication Apple would correct the record. I’ve searched Apple’s website and forums and have found no corrections. But I did see where they patched the vulnerability 8 weeks late. Until Apple corrects the record we have to assume it’s true.
You know very well Apple never comments as you want them to. What I am saying is that the hype given to this "exploit" simply does not match the apparent level of user reports being posted. And so far we are looking at only a single source (although confirmed by analysis of their released data by other security firms) news story. That one source which somehow has TOO MUCH access to the botnet server, now providing users with direct checking if your OSX Mac is infected by comparison to the list of UUIDs in the Botnet Server's database! Just how is that possible???? And KNOWN CLEAN Macs are reported to be in that database, including Macs that didn't even have JAVA installed in them! BAH!
Well apparently Apple never had to respond to this stuff before but now that they are getting more and more cases of malware in the wild they need to reconsider as this isn’t any old lie any longer.
Apple would be wise to respond and take a page out of Microsoft’s book. They learned after several years of ignoring it that they need to address these things head on. But then again with OSX really only competing with XP I can see Apple has a ways to go in its maturity before they realize how they should respond.
Nearly 100K downloads of "Flashback Checker" at this point. Would be interesting to find out how many did in fact have this "infection." In my circle of friends who use Apple, no one has been hit with it.