Apple waited months to patch the Java flaws that allowed infection

Apr 5, 2012 11:11 GMT

Russian anti-virus vendor Doctor Web has conducted a study to determine the scope of the Trojan BackDoor.Flashback spreading across Macintosh computers and learned that the botnet encompasses more than 600,000 infected machines.

Most of these infected Macs are located in the United States and Canada, as shown in the localization chart to the left.

The security researchers working for the Russian anti-virus vendor believe that “this once again refutes claims by some experts that there are no cyber-threats to Mac OS X.”

“Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system,” reports Dr. Web.

“JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.”

According to the company, the recently discovered ones include: godofwar3.rr.nu; ronmanvideo.rr.nu; killaoftime.rr.nu; gangstasparadise.rr.nu; mystreamvideo.rr.nu; bestustreamtv.rr.nu; streambesttv.rr.nu; ustreamtvonline.rr.nu; ustream-tv.rr.nu; ustream.rr.nu.
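The domain list above can be used for a retrospective check of web-proxy logs. The following is an added example, not code from Doctor Web or the original article; the log layout (`timestamp client method url`), the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the article (Doctor Web's list).
FLASHBACK_DOMAINS = frozenset({
    "godofwar3.rr.nu", "ronmanvideo.rr.nu", "killaoftime.rr.nu",
    "gangstasparadise.rr.nu", "mystreamvideo.rr.nu", "bestustreamtv.rr.nu",
    "streambesttv.rr.nu", "ustreamtvonline.rr.nu", "ustream-tv.rr.nu",
    "ustream.rr.nu",
})

def host_of(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    if not url.lower().startswith(("http://", "https://")):
        url = "//" + url  # bare "host:port" as seen on CONNECT lines
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def listed_domain(host):
    """Return the listed domain that host equals or is a subdomain of."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in FLASHBACK_DOMAINS:
            return candidate
    return None

def scan(lines):
    """Map client address -> sorted list of listed domains it requested."""
    hits = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        match = listed_domain(host_of(url))
        if match:
            hits.setdefault(client, set()).add(match)
    return {client: sorted(domains) for client, domains in hits.items()}

# Constructed sample log (assumed layout: timestamp client method url).
SAMPLE_LOG = [
    "2012-03-20T10:01:02Z 10.0.0.15 GET http://USTREAM.rr.nu/index.html",
    "2012-03-20T10:01:03Z 10.0.0.15 GET http://cdn.ustream-tv.rr.nu./a.jar",
    "2012-03-20T10:02:00Z 10.0.0.22 GET http://notustream.rr.nu/",
    "2012-03-20T10:03:00Z 10.0.0.31 CONNECT godofwar3.rr.nu:443",
    "2012-03-20T10:04:00Z 10.0.0.40 GET http://example.com/?u=ustream.rr.nu",
]

if __name__ == "__main__":
    for client, domains in scan(SAMPLE_LOG).items():
        print(client, ", ".join(domains))
```

Matching is done on whole DNS labels of the request host, so look-alike hosts such as `notustream.rr.nu` and listed names that only appear in a query string are not flagged.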

Citing unnamed sources, the security vendor adds that a Google SERP at the end of March churned up links to more than four million compromised web-pages, and that some Apple forum users mentioned BackDoor.Flashback.39 when describing their particular cases after visiting dlink.com.

“Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012,” Dr. Web reports.

Apple released its Java patches this week, months after the people at Oracle had addressed the matter on their end. Apple typically falls behind schedule when it comes to Java security releases.

Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7 deliver “improved reliability, security, and compatibility for Java SE 6,” Apple said in a tech note. An additional document on the company’s support site describes the vulnerability in greater detail.