You know, that’s gotta suck.
From ZDNet:
Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Java to silently infect Mac OS X machines. Apple has since patched Java, but this was only yesterday. As of today, more than 600,000 Macs are currently infected with the Flashback Trojan, which steals your user names and passwords to popular websites by monitoring your network traffic.
Now, my curiosity is, has anyone been able to corroborate those numbers? Not doubting that it’s possible; rather, not trusting a single source on this number.
If you think your Mac might be compromised, the folks at F-Secure have some removal instructions.
From F-Secure:
Trojan-Downloader:OSX/Flashback.I is dropped by malicious Java applets that exploit the known CVE-2011-3544 vulnerability.
On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.
If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.
I would be interested to get my hands on a sample of this malware.
Source: Article Link
UPDATE:
Flashback trojan uses MAC address as the User-Agent when connecting to C&C servers. If Dr. Web is counting them, their numbers are accurate.
— Mikko Hypponen (@mikko) April 5, 2012
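The behaviour described in the tweet above gives defenders both a detection signal and a counting method: flag requests whose User-Agent is nothing but a MAC address, and count machines by that address rather than by source IP. The Python sketch below is an added example, not code from this post, F-Secure or Dr. Web; the combined log format, the accepted MAC spellings and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the whole User-Agent is a MAC address, written with ':' or '-'
# separators or as 12 bare hex digits. The page does not give the exact format.
MAC_UA = re.compile(r"^[0-9a-f]{2}([:-]?)[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}$", re.I)

# Assumption: proxy/web logs in combined log format, User-Agent as last field.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def mac_user_agents(lines):
    """Map each normalized MAC-style User-Agent to the source IPs that sent it."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in the expected log format
        ua = m.group("ua").strip()
        if MAC_UA.match(ua):
            mac = re.sub(r"[:-]", "", ua).lower()  # one key per machine
            seen[mac].add(m.group("src"))
    return dict(seen)

def summarize(lines):
    """Count distinct machines (by MAC) and distinct source IPs among the hits."""
    hits = mac_user_agents(lines)
    src_ips = set().union(*hits.values()) if hits else set()
    return {"machines": len(hits), "source_ips": len(src_ips)}

# Constructed sample lines (documentation IP ranges, made-up MAC addresses).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Apr/2012:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "00:1B:63:84:45:E6"',
    '203.0.113.10 - - [05/Apr/2012:09:14:40 +0000] "GET / HTTP/1.1" 200 512 "-" "00:25:00:AB:CD:EF"',
    '203.0.113.10 - - [05/Apr/2012:09:15:11 +0000] "GET / HTTP/1.1" 200 512 "-" "0025004B1C2D"',
    '198.51.100.7 - - [05/Apr/2012:18:02:37 +0000] "GET / HTTP/1.1" 200 512 "-" "00-1b-63-84-45-e6"',
    '198.51.100.9 - - [05/Apr/2012:18:03:01 +0000] "GET / HTTP/1.1" 200 904 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3)"',
    '192.0.2.44 - - [05/Apr/2012:18:04:12 +0000] "GET / HTTP/1.1" 200 512 "-" "00:1B-63:84:45:E6"',
]

if __name__ == "__main__":
    for mac, ips in sorted(mac_user_agents(SAMPLE_LOG).items()):
        print(mac, sorted(ips))
    print(summarize(SAMPLE_LOG))
```

On the constructed sample, three machines sit behind two source IPs and one machine appears from two networks, which is why a per-identifier count is steadier than a per-IP count.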
(Image used under CC from twenty_questions)