Jump to content

Flashback (Trojan)

Edit links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 193.110.109.30 (talk) at 14:40, 13 April 2012. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Trojan BackDoor.Flashback, commonly referred to as the Flashback trojan, is a trojan horse affecting personal computer systems running Mac OS X.[1][2] The first variant of Flashback was discovered by antivirus company Intego in September 2011.[3]

Infection

According to the Russian antivirus company Dr. Web, a modified version of the "BackDoor.Flashback.39" variant of the Flashback trojan has infected over 600,000 Mac computers, forming a botnet that includes 274 bots located in Cupertino, California, the location of the headquarters of Apple Inc.[4][5] The findings were confirmed one day later by another computer security firm, Kaspersky Lab.[6] This variant of the malware was first detected in April 2012[7] by Finland-based computer security firm F-Secure.[8] Dr. Web estimated that in early April 2012, 56.6% of infected computers were located within the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia.[5]

Details

The trojan targets a Java vulnerability on Mac OS X. The system is infected after the user is redirected to a compromised bogus site, where JavaScript code causes an applet containing an exploit to load. An executable file is saved on the local machine, which is used to download and run malicious code from a remote location. The malware also switches between various servers for optimised load balancing. Each bot is given a unique ID that is sent to the control server.[5]

Resolution

Oracle, the company that develops Java, fixed the vulnerability exploited to install Flashback on February 14, 2012.[7] However, Apple maintains the Mac OS X version of Java and did not release an update containing the fix until April 3, 2012,[9] after the flaw had already been exploited to install Flashback on 600,000 Macs.[10] On April 12, 2012, the company issued a further update to remove the most common Flashback variants.[11] Both these updates were only released for Mac OS X Lion and Mac OS X Snow Leopard; users of older operating systems were advised to disable Java.[9] There are also some third party programs to detect and remove the Flashback trojan.[10]

See also

References

  1. ^ 5 April 2012, Flashback Trojan botnet infects 600,000 Macs, Siliconrepublic
  2. ^ 5 April 2012, 600,000 infected Macs are found in a botnet, The Inquirer
  3. ^ September 26, 2011, Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package, Intego Security
  4. ^ Jacqui Cheng, 4 April 2012, Flashback trojan reportedly controls half a million Macs and counting, Ars Technica
  5. ^ a b c 4 April 2012, Doctor Web exposes 550 000 strong Mac botnet Dr. Web
  6. ^ Chloe Albanesius, 6 April 2012, Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan, PCMag
  7. ^ a b "Half a million Mac computers 'infected with malware'". BBC. April 5 2012. Retrieved April 5, 2012. {{cite news}}: Check date values in: |date= (help)
  8. ^ 11 April 2012, Apple crafting weapon to vanquish Flashback virus, Sydney Morning Herald
  9. ^ a b "About Flashback malware". Apple. April 10 2012. Retrieved April 12 2012. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  10. ^ a b "flashbackcheck.com". Kaspersky. April 9 2012. Retrieved April 12 2012. {{cite web}}: Check date values in: |accessdate= and |date= (help)
  11. ^ "About Java for OS X Lion 2012-003". Apple. April 12 2012. Retrieved April 12 2012. {{cite web}}: Check date values in: |accessdate= and |date= (help)
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Flashback_(Trojan)&oldid=487182922"