More than 500,000 Apple Mac computers infected by Trojan Flashback. Reuters

A Trojan horse, Flashback, has affected more than half a million Apple Mac systems, according to a report from a Russian firm.

Russian anti-virus vendor Doctor Web has conducted research to determine how far the Trojan BackDoor.Flashback, which infects computers running Mac OS X, has spread.

They found that the Trojan BackDoor.Flashback has affected more than 550,000 machines, most of which are located in the United States and Canada.

The United States accounts for 56.6% (303,449) of the infected computers, and Canada comes second with 19.8% (106,379). The United Kingdom takes third place with 12.8% (68,577) infected computers, and Australia comes fourth with 6.1% (32,527).

Dr Web's website said that systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system.

The firm's virus analysts discovered a large number of websites containing JavaScript that loads a Java applet containing the exploit code.

The recently discovered websites that contained the code included:

"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.

"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money," he added.

According to Dr Web, the attackers spread the malware in February. Java's developer, Oracle, issued a fix for the vulnerability on 14 February, but this did not work on Macintoshes, as Apple manages Java updates for its computers.

Apple issued two security patches for the Trojan on 4 April, a month after the attack. Security experts have criticised Apple for such a slow reaction, given that Oracle issued a fix a month ago.

Helsinki-based security firm F-Secure has published instructions on how to identify Fakeflash and remove the virus manually.