Russian-based Doctor Web has exposed a large-scale botnet running on Apple's Macintosh computers, a finding that may signal that anti-virus software is becoming necessary on Mac OS X machines. The botnet could be large enough to comprise half a million Macintosh computers, and analysts have been unable to determine its full extent.
The OS X malware, called "Backdoor.Flashback", is running on up to 550,000 different machines, mostly located in the United States and Canada. Dr.Web's report is extremely detailed and includes an infographic of infections by country. Machines become part of the botnet after being redirected to bogus websites or through other traffic distribution systems. The sites used for this are presumably of Russian origin, but the number of sites is currently unknown.
JavaScript code on those sites loads a Java applet containing the actual exploit. At the end of March, a Google search found around four million different pages that could be spreading the malware. Some posts on Apple's own user forums describe being infected with the malware when visiting DLink.com; DLink produces routers and similar devices.
The exploits target three main vulnerabilities:
- CVE-2011-3544
- CVE-2008-5353
- CVE-2012-0507
The exploits were being distributed from around February 2012, though the third vulnerability listed, CVE-2012-0507, was only used from March 2012 onwards. On March 3rd, Apple fixed the vulnerability.
Even if your machine is not part of the botnet now, bear in mind that machines infected earlier may still be under its control. It can only help to check your machine for an infection; if you find one, it should be easy to remove.