Saturday, April 14, 2012

What’s the Worst the Mac Flashback Trojan Could Do?


News that more than 650,000 Mac computers were infected with a nasty Trojan horse called “Flashback” circulated around the web last week, and many scrambled to check whether their systems were clean.

Although many installed Apple’s security update to prevent the Flashback Trojan from infecting their computers, and others took steps to remove the malware from their systems altogether, there are still thousands of infected Mac computers out there.

So what is the worst it could do?

Although the Trojan is currently only conducting a click fraud scam by hijacking people’s search engine results inside their web browsers, it has the potential to do greater damage, such as stealing banking or login credentials. If the botnet remains connected to infected computers, cybercriminals could push new malware to those systems that causes bigger problems.

To understand the power of Flashback, it’s important to note that it’s actually a family of Mac OS X malware that first appeared in September 2011. It was designed to disguise itself as an Adobe Flash Player installer, using Flash Player logos. Once installed, the malware originally sought user names and passwords stored on Macs.

The Flashback Trojan — a variant of the family — was recently used to infect computers and is controlled and distributed via a botnet called Flashfake. The botnet, or a network of computers infected with malicious software that is controlled as a group, was designed to conduct a click fraud scam. This is common among cyber criminals that take advantage of pay-per-click campaigns by advertising companies.

“Previous versions for Flashback malware relied on social engineering tricks and did attempt to steal users’ information,” says Alex Gostev, chief security expert of anti-virus software provider Kaspersky Lab, who has been tracking the Trojan on a global scale. “However, the latest variant which is controlled by the Flashfake botnet is only being used for click fraud to date. The main difference is that this Flashback Trojan can be installed directly into users’ computers by exploiting the Java vulnerability.”

Although no other malicious activity has been detected from the Trojan, the risk is significant because the malware functions as a downloader on users’ computers, Kaspersky Lab said. This means that the cyber criminals behind Flashfake can easily issue new, updated malware capable of stealing confidential information such as passwords or credit card details and install it onto infected machines.

Last week, Apple released a security patch for Java that prevents the Flashback Trojan from exploiting the vulnerability to infect computers. Since then, Kaspersky Lab said it has seen a decline in the number of active bots for Flashfake, dropping from more than 650,000 infected computers to just 237,000.

However, the decrease in infected bots does not mean the botnet is on its way out. The numbers represent the active bots that connected to Flashfake during the past few days – not the exact number of infected machines. Infected computers that were switched off or idle over the weekend would not have been communicating with Flashfake, so they do not show up as active bots, the company said.

Since not all Mac users updated their system, the Trojan is still infecting Macs that do not have the patch installed.

Says Gostev: “We recommend users update their systems immediately with the latest security update from Apple.”
