Kaspersky claims to have confirmed the ~1/2 million infected computers, of which he says probably 98% are running OS-X.
http://www.pcmag.com/article2/0,2817,2402715,00.asp
I'm willing to believe Kaspersky; he's often run around with his hair on fire, but he seems to have done a good job of checking on this one.
I'd say, at this point, this looks to be the first big "Java-bites-OS-X" event that didn't get stopped quickly enough. F-Secure has a page with good information (quite technical) here:
http://www.f-secure.com/weblog/archives/00002336.html
Please quit bashing Macs. It gets tiresome.
Coming on the thread to gloat about a story that is weeks old (Swordmaker warned us not to download from a pop-up back in February, if I remember right).
I don’t get the hostility from PC enthusiasts toward thos of us who prefer Macs. There must be some deep insecure anxiety in their precious liitle hearts.
Happy Mac user since the original IIe.
We are STILL not seeing large numbers of people reporting finding the malware existing on their computers. This simply does not compute with the reports of what Kaspersky and Dr. Web are reporting... I would be more suspicious of a false bombing attack with a few computers forging signatures than that many Macs being infected from the few non-popular website so far identified carrying the Trojan such as:
godofwar3.rr.nu
ironmanvideo.rr.nu
killaoftime.rr.nu
gangstasparadise.rr.nu
mystreamvideo.rr.nu
bestustreamtv.rr.nu
ustreambesttv.rr.nu
ustreamtvonline.rr.nu
ustream-tv.rr.nu
ustream.rr.nu
Can you conceive of hundreds of thousands of Mac usersno make that millions of Mac users (counting the immune ones without JAVA installed), visiting THOSE websitesin just a couple of months, and either being tricked into, or drive by installing, the Trojan? Frankly. I can't.
And what's with 98% of the signatures being OSX???? This is a JAVA script vulnerability! When have you known Windows users to have such a complete install of a patch to any vulnerability that almost ALL hits from a cross platform bot are from a non-Windows source??? Doctor Web on first report said 56% were Macs... now, suddenly Kaspersky says 98% are Macs? What gives? I simply don't believe it.
I think the OS signatures are being spoofed by the Trojan, an easy thing to dosince Mac users are NOT reporting finding the Trojan in large numbers on the forums! Mac users are notorious for reporting problems when they find themand they simply are not reporting this.