Flashback Trojan Reportedly Controls Half a Million Macs and Counting

via Daring Fireball by John Gruber on 4/5/12

Jacqui Cheng, Ars Technica:

Variations of the Flashback trojan have reportedly infected more than half a million Macs around the globe, according to Russian antivirus company Dr. Web. The company made an announcement on Wednesday — first in Russian and later in English — about the growing Mac botnet, first claiming 550,000 infected Macs. Later in the day, however, Dr. Web malware analyst Sorokin Ivan posted to Twitter that the count had gone up to 600,000, with 274 bots even checking in from Cupertino, CA, where Apple’s headquarters are located.

Cheng links to F-Secure, who has instructions for checking if your system is infected. If you don’t have Java installed (or have it installed, but keep it disabled in your web browsers) you should be safe.

The weird thing to me is that if true, this sounds like the worst malware problem Mac OS X has ever seen — yet there doesn’t seem to be any hysterical media coverage about it. Hypothetical Mac security problems often get hysterical coverage; now we apparently have an actual security problem and it’s no big deal?

Update: I’m curious to hear from any readers who determine that their system’s been infected by this thing.

Update 2: Via email and public Twitter replies, I’ve seen reports from about a dozen or so DF readers who’ve been hit by this. And they all seem like typical DF readers — sophisticated, experienced, if not downright expert Mac users. It’s not an epidemic, but it’s definitely real, and insidious.

And regarding the lack of hype surrounding Flashback, DF reader Paul Hoffman (via email) has a theory:

I suspect that the reason there hasn’t been that much hype is that the hype is normally generated by the anti-virus companies, and (from what I have heard) none of the Mac AV software caught this until yesterday. Whoopsie.
