More than half a million Mac computers have reportedly been infected with the Flashback Trojan, and Russian anti-virus vendor Dr Web has conducted a study to establish details of the spread of the BackDoor.Flashback Trojan on systems running Mac OS X. According to Symantec, the US has the highest concentration of Flashback infections with 47.3 percent, followed by Canada with 13 percent and the UK with 6.1 percent.
BackDoor.Flashback.39 infects systems after a user is redirected to a bogus site from a compromised resource or through a traffic distribution system.
According to Apple Insider, Apple Inc. has confirmed it is working on software to detect and remove the Flashback malware. The company has provided a support document which describes the software. The document also mentions that a Java update released on 3 April fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. Mac users can run Software Update at any time to check for recent updates. In addition, automatic checks for software updates run every week; this is set by default. However, it is recommended that any changes be made in the Software Update preferences.
According to the site, the tech giant is developing software which will detect and remove the Flashback malware. A Trojan could give full control of an infected computer to another system, allowing a hacker to remotely access the victim's computer system. Apple has been working with Internet Service Providers (ISPs) worldwide to disable the command and control networks which the hackers are using to exploit the malware.
"In addition to the Java vulnerability, the Flashback malware depends on computer servers which are hosted by the malware authors to perform any of its critical functions," Apple elaborated.
Users of Macs running Mac OS X v10.5 or earlier can protect their systems from malware by disabling Java in web browser preferences. Moreover, according to PC Mag, the number of infected systems has declined, from a reported 380,000 on 10 April to 270,000 over the last 24 hours.
According to PC Mag Security Watch, these malicious Web sites exploited a specific Java vulnerability (CVE-2012-0507) that allowed Flashback.K to download itself without alerting the user. Once installed, the malware displayed a dialog window asking the user for the administrative password. Even if users didn't enter the password, it was too late, as the malware was already resident on the computer.