Apple is working with internet service providers to dismantle the command and control (C&C) infrastructure of the Flashback botnet, which has been infecting Mac machines across the world.
Security company Dr Web said over 600,000 machines had been hit by Flashback. Other vendors have pushed out software to help users determine whether they are infected with Flashback, and Apple released a patch for various Java vulnerabilities being exploited by the malware.
“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network,” an Apple Knowledge Base article read.
Apple also advised Mac owners running Mac OS X v10.5 or earlier to disable Java in web browser preferences if they wanted to give themselves better protection. The patch released on 3 April did not cover those operating systems.
Apple appears to have already moved to shut down servers it believes are running C&C operations for Flashback. However, the company seems to have mistakenly targeted a sinkhole operation being run by Dr Web.
Dr Web, which said yesterday over 650,000 computers running Mac OS X had been infected by Flashback, claimed a “corporation made unsuccessful attempts to block domains used by Doctor Web to study the BackDoor.Flashback.39 botnet.” Boris Sharov, chief executive of the security firm, suggested it was Apple that had requested one of its domains be taken down.
Meanwhile, Kaspersky has claimed 670,000 machines have Flashback on them, making it the largest Mac-based infection to date. There are 47,109 infected systems in the UK.
Kaspersky also criticised Apple for not moving faster in issuing a patch. “The three-month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev.
“There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users.
“This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time. The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”