Half a Million Mac Computers ‘Infected With Malware’, Apple Issues Fix [Update]

More than half a million Apple computers have been infected with the Flashback Trojan, a Russian anti-virus firm has announced.

Doctor Web, the Russian anti-virus vendor, conducted research to determine the scale of the spread of Trojan BackDoor. Photo: Jesse Means/Flickr

Update: On April 5, MacRumors reported that Apple released another update to Java for OS X, called Java for OS X 2012-002. The site also indicates it’s still unclear what this newest update actually does, as its support document gives no new information.

Intego, a Mac security blog, explained that Apple may have discovered a minor glitch in the first update it released on April 3, and pointed out that this latest update seems to be available only for Lion, while the last one was available for both Snow Leopard and Lion.

Previously: Doctor Web, the Russian anti-virus vendor, is sure that about 600,000 Macs have installed the malware, potentially allowing them to be hijacked and used as a “botnet”. More than half that number are based in the US, The Huffington Post reports.

Apple has released a security update, but users who have not installed the patch remain at risk of having their computers attacked.

The virus was first found last September, when researchers flagged software masquerading as a Flash Player update, the BBC writes. Once downloaded, it deactivated some of the computer’s security software.

A Dr Web spokesperson explained that when the Trojan is installed, it sends a message to the intruder’s control server with a unique ID to identify the infected machine.

“There are no visible symptoms for this Mac virus, except for making sporadic connections to unknown servers that can be only seen in the Firewall logs, if any firewall is in place,” Boris Sharov, CEO of Doctor Web, announced.

“The symptoms also depend on the payload that may be downloaded upon the command from the control server.” “By introducing the code criminals are potentially able to control the machine,” Sharov told reporters.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.”

“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people,” he added.

Dr Web advises Mac users to download the security update released by Apple on April 3 to patch the security holes that exist in Java.

Mike Geide, senior security researcher at cloud security company Zscaler ThreatLabZ, warned of the importance of keeping your software up to date, no matter what OS you use.

“This latest wave of infections is a wake-up call to Mac users that their system is not immune to threats,” Geide said in an emailed statement.

“And the need to follow best security practices, such as remaining current with patches, is ubiquitous – it doesn’t matter if you’re using Windows, Mac, or even mobile phone.”

The anti-virus company also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Most infected computers reside in the United States (56.6%, or 303,449 infected hosts), Canada comes second (19.8%, or 106,379 infected computers), the third place is taken by the United Kingdom (12.8% or 68,577 cases of infection) and Australia with 6.1% (32,527 infected hosts) is the fourth.

The news comes as Apple continues to position OS X as a more secure alternative to other computer makers’ systems. “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers,” Apple notes on its homepage. “That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.”
