Apple Plotting Flashback Botnet Murder

Apple is working with internet service providers to dismantle the command and control (C&C) infrastructure of the Flashback botnet, which has been infecting Mac machines across the world.

Security company Dr Web said over 600,000 machines had been hit by Flashback. Other vendors have pushed out software to help users determine whether they are infected with Flashback, and Apple released a patch for various Java vulnerabilities being exploited by the malware.

Apple strikes back

Now Apple is going one step further in attempting to take apart the Flashback botnet, whilst developing software to detect and remove the malware itself.

“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network,” an Apple Knowledge Base article read.

Apple also advised Mac owners running Mac OS X v10.5 or earlier to disable Java in web browser preferences if they wanted to give themselves better protection. The patch released on 3 April did not cover those operating systems.

Apple appears to have already moved to shut down servers it believes are running C&C operations for Flashback. However, the company seems to have mistakenly targeted a sinkhole operation being run by Dr Web.

Dr Web, which said yesterday over 650,000 computers running Mac OS X had been infected by Flashback, claimed a “corporation made unsuccessful attempts to block domains used by Doctor Web to study the BackDoor.Flashback.39 botnet.” Boris Sharov, chief executive of the security firm, suggested it was Apple that had requested one of its domains be taken down.

Kaspersky criticism

Meanwhile, Kaspersky has claimed 670,000 machines have Flashback on them, making it the largest Mac-based infection to date. There are 47,109 infected systems in the UK.

Kaspersky also took to criticising Apple for not moving faster in issuing a patch. “The three-month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev.

“There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than for PC users.

“This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time. The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
