A Russian antivirus company, Dr. Web claimed that more than 600,000 Macintosh computers are infected with trojan horse virus called “Flashback.” Most of these computers are located in the United States and Canada.
Company published a report on website where it claimed that 550,000 computers are infected. Later it tweeted and increase the number to 600,000.
@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko – 285 from Finland
— Sorokin Ivan (@hexminer) April 4, 2012
According to the company, Systems go infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. This trojan was originally discovered in September 2011 and was designed to disguise itself as an Adobe Flash Player installer, using Flash player logos. Doctor Web’s virus analysts discovered a large number of web-sites containing the code. The recently discovered ones include:
- godofwar3.rr.nu
- ironmanvideo.rr.nu
- killaoftime.rr.nu
- gangstasparadise.rr.nu
- mystreamvideo.rr.nu
- bestustreamtv.rr.nu
- ustreambesttv.rr.nu
- ustreamtvonline.rr.nu
- ustream-tv.rr.nu
- ustream.rr.nu
“According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com,” company said in a report.
“Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012,” report added.
This big attack came just after the apple claim OS X as a more secure alternative to Windows. Apple also added a message on home page saying,”A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers.”
