More than 700,000 Macintosh computers have been infected with malware that exploits a flaw in Java, and the number keeps growing.
The Flashback Trojan, which plants an executable file on a Mac that fetches additional malware, was uncovered earlier this week by Doctor Web.
The infection has reached 700,000 computers, but its growth has slowed down, Doctor Web CEO Boris Sharov told MacNewsWorld.
"If the current numbers are correct, this would be the largest infection on the Mac we've ever seen before," Symantec (Nasdaq: SYMC) Researcher Liam O Murchu told MacNewsWorld.
Steals Passwords
The Trojan is spread whenever a Mac comes into contact with an infected webpage. It's estimated that there are some 4 million pages on the Web infected with the malware.
Once a Mac lands on an infected page, the Trojan is planted on it without the operator's knowledge. Then the malware downloads more pernicious software from its master's servers.
Two kinds of software are being pulled into infected Macs at the moment, according to Sophos Security Advisor Chet Wisniewski.
One software payload tries to steal passwords from an infected system.
The other payload redirects online searches to other locations on the Web. "When you go to Google (Nasdaq: GOOG), it takes you someplace else that looks a lot like Google but generates advertising revenue for the bad guys," he told MacNewsWorld.
Apple Fix
Apple (Nasdaq: AAPL) did not respond to our request for comment on this story.
However, on Tuesday it released a new version of Java, 1.6.0_31, that addresses the flaw that Flashback is exploiting.
"Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox," Apple explains on a support Web page.
"Visiting a Web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user," it added.
Global Attack
A fix for the flaw in Java for Windows and Linux was released by Oracle (Nasdaq: ORCL) in February -- right about the time the infections started appearing on Macs.
"When Oracle released the patch in February, we would have expected that Apple would have patched it much sooner than waiting for seven weeks until this crisis developed," Wisniewski observed.
"Their response time on patching Java has been atrocious," he maintained. "Over the last several years, on average, they've been somewhere around six months behind in patching vulnerabilities in Java, although in the last six months they've improved to two to three months behind."
While Flashback has focused much attention on Apple, its mischief reaches beyond the Mac realm, according to Doctor Web's Sharov.
"One should be aware that the attack was a global one -- against Windows, Macs and Linux," he told MacNewsWorld.
"We often see such attacks, and this one was not an exception," he continued. "You visit an infected site and the script immediately determines which system you are on and it gets the 'right' malware for you."
Mac Owners Have Money, Too
Attacks on Macs are nothing new, he added. Doctor Web identified a Mac botnet two years ago, and that wasn't the first found in the wild, he noted.
"Mac users have something to share with the criminals -- their money," he added. "Why should the criminals not accept it? And Mac users are much more careless, as they all believe their Macs are safe."
A turning point in Mac scams occurred last year with the arrival of a phony antivirus software epidemic, asserted Roel Schouwenberg, a senior researcher with Kaspersky Lab.
"All of a sudden, people saw OS X could be attacked on a big scale and you could make money off it," he told MacNewsWorld.
For Mac users who are hoping Flashback will be a flash in the pan, Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, has some bad news: Mac malware infections are on an upward trend.