
Apple Plotting Flashback Botnet Murder

Apple is working with internet service providers to dismantle the command and control (C&C) infrastructure of the Flashback botnet, which has been infecting Mac machines across the world.

Security company Dr Web said over 600,000 machines had been hit by Flashback. Other vendors have pushed out software to help users determine whether they are infected with Flashback, and Apple released a patch for various Java vulnerabilities being exploited by the malware.

Apple strikes back

Now Apple is going one step further in attempting to take apart the Flashback botnet, whilst developing software to detect and remove the malware itself.

“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network,” an Apple Knowledge Base article read.

Apple also advised Mac owners running Mac OS X v10.5 or earlier to disable Java in web browser preferences if they wanted to give themselves better protection. The patch released on 3 April did not cover those operating systems.

It appears Apple has already moved to shut down servers it believes are running C&C operations for Flashback. However, the company seems to have mistakenly targeted a sinkhole operation run by Dr Web.

Dr Web, which said yesterday over 650,000 computers running Mac OS X had been infected by Flashback, claimed a “corporation made unsuccessful attempts to block domains used by Doctor Web to study the BackDoor.Flashback.39 botnet.” Boris Sharov, chief executive of the security firm, suggested it was Apple that had requested one of its domains be taken down.

Kaspersky criticism

Meanwhile, Kaspersky has claimed 670,000 machines have Flashback on them, making it the largest Mac-based infection to date. There are 47,109 infected systems in the UK.

Kaspersky also took to criticising Apple for not moving faster in issuing a patch. “The three-month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev.

“There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users.

“This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time. The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
