More than 600,000 Macs infected with Flashback botnet

Discussion in 'malware problems & news' started by EncryptedBytes, Apr 5, 2012.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    A responsible Mac user.:thumb:
     
  2. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    349
    Don't worry. If it gets too bad, Apple will just shut your computer down by remote control until they fix it! (Just kidding)
     
    Last edited: Apr 8, 2012
  3. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    144
    My lady has used Macs for something like 5 years and never had any kind of AV protection. I don't even think she updates all that regularly. I kinda hope it's automatic :rolleyes:

    Being a PC man, I'm a paranoid nut-job compared to her.

    It's one of those weird things. Some of the AVs available for Macs are pretty pricy *cough* Intego *cough*. Until Mac viruses become a bit more widespread it just isn't worth shelling out for.

    After reading about this new bug I made her install Sophos free Mac AV.

    A scan revealed she had 9 threats. Only one was a Mac bug, some fake AV for Macs app. The other 8 threats were Windows threats. We've left them on there for now.

    It's a tough call, but if you can get decent free or cheapish protection for your Mac I don't get why you wouldn't use it.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    The thing is, let's say you have an infected email that's targeted for Windows on your Mac, sure it won't hurt you, but let's say you sent it off to family, friends running Windows and they open the infected email that came from you.:mad: It is their responsibility to protect themselves, but regardless you will become the evil villain that sent it to them.

    That's what greatwhite pointed out in post # 24 about infecting windoz users by running an AV program to prevent it all around.
     
    Last edited: Apr 9, 2012
  5. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
    BackDoor.Flashback.39 epidemic chronology

    April 10, 2012
    The news of the outbreak of BackDoor.Flashback.39 that has infected over 650 000 computers running Mac OS X quickly spread throughout the world, causing a strong public response. The Russian anti-virus company Doctor Web that was the first to issue a warning concerning this threat presents the brief BackDoor.Flashback.39 outbreak chronology.


    February 2012: Oracle released an update for the Java Virtual Machine closing vulnerabilities exploited by BackDoor.Flashback.39.
    March 25, 2012: First Flashback botnet domains registered.
    March 27, 2012: Doctor Web added the BackDoor.Flashback.39 signature into the virus database used by its Dr.Web for Mac OS X.
    April 3, 2012: Doctor Web analysts reverse-engineered the routine employed by BackDoor.Flashback.39 to generate control server domain names, registered several domain names and began gathering statistics by analysing requests received from bots. More than 130000 bot replies were received in the very first hours.
    April 4, 2012: According to data collected by Doctor Web virus laboratory, the number of infected hosts in the BackDoor.Flashback.39 botnet reached 550,000. Doctor Web issued a press-release concerning the BackDoor.Flashback.39 epidemic.
    April 4, 2012 (April 3 for North America): Apple has released an update for Apple Java closing the vulnerabilities exploited by the Trojan BackDoor.Flashback.39. Due to the difference in time zones, many Mac OS X users got the update after a significant delay.
    April 4, 2012: The number of hosts in the botnet exceeded 600 thousand infected Macs.
    April 6, 2012: Apple released a second update that closed the vulnerabilities exploited by the Trojan BackDoor.Flashback.39.
    April 9, 10: A corporation made unsuccessful attempts to block domains used by Doctor Web to study the BackDoor.Flashback.39 botnet.
    April 10: The total number of computers infected by the Trojan has exceeded 650,000.

    The current number of machines infected by BackDoor.Flashback.39 is 655 700. Mac users can use the free service from Doctor Web at www.drweb.com/flashback/ to check if their computers are infected.

     
  6. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
  8. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,127
    Location:
    USA
    But Macs don't get infected. Ask at the Apple forum.:blink:
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hopefully they will change their tune or just stay in denial.
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,348
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,348
    Free stand-alone removal tool from F-Secure:
    http://www.f-secure.com/weblog/archives/00002346.html

    Free stand-alone removal tool from Kaspersky (already mentioned by JRViejo):
    http://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site

    ===

    BBC tech site:
    http://www.bbc.co.uk/news/technology-17675314
    Apple develops tool to 'detect and remove' Flashback Trojan

    PCMag:
    http://www.pcmag.com/article2/0,2817,2402914,00.asp
    Number of Macs Infected With Flashback Trojan on the Decline

    PCWorld:
    http://www.pcworld.com/article/2535...tool_and_website_to_check_for_infections.html

    Sophos:
    http://nakedsecurity.sophos.com/2012/04/10/macs-safer-than-pcs/
    Are Macs safer than PCs?

    Symantec:
    http://www.symantec.com/connect/blogs/osxflashbackk-suffering-slashback-infections-down-270000
    OSX.Flashback.K – Suffering a Slashback – Infections Down to 270,000
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,394
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
     
  15. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    669
  16. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,024
    http://www.itworld.com/software/267...cludes-innovative-approach-reducing-risk-macs
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm not sure if it's just me, but I can't stop but have the feeling that "also automatically disables Java if it has not been used during the previous 35 days" and "Once disabled, users have to manually re-enable Java in order for Java applets to run again." is not really the solution.

    Sure, it's good to be disabled after a while, but what if from day 1 to 34, the user visits a legitimate website with some third-party ads, coming from a hijacked ad network, which will then point to an exploit ready to exploit a Java security vulnerability?

    Right. I didn't bother reading those articles, but do they make any mention of Apple actually releasing Oracle's patches as soon as they come out? I imagine they don't, otherwise you folks would have mentioned something about it.

    It may be late to the game... The thing is, they're not playing the game, at all.
     
  18. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
     
  19. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
     
  20. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,713
    Location:
    NL
    Boris Sharov (DrWeb):
    http://twitter.com/#!/b_sharov/status/192586162517450752
     
  22. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
    Doctor Web doesn't register significant decrease in BackDoor.Flashback.39 bot number

    http://news.drweb.com/show/?i=2386&lng=en&c=5
     
  23. guest

    guest Guest

    Flashback infections not waning after all; 650,000 Macs still hijacked

    This image charts the number of Flashback bots from April 3 to April 19.

     
  24. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    16,517
    Location:
    U.S.A.
     
  25. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA