Security giant Kaspersky Lab has confirmed that the botnet Flashfake has infected
600 000 computers worldwide, and more than 98% of the infected computers were most likely running a version of Mac OS X.
The security vendor explains that, in order to infect victims' computers, the cyber criminals behind the Flashfake botnet were installing a Flashfake Trojan that gained entry into users' computers without their knowledge by exploiting vulnerabilities in Java.
According to a Kaspersky report, Flashfake is a family of OS X malware that first appeared in September 2011. Previous variants of the malware relied on cyber criminals using social engineering techniques to trick users into downloading the malicious program and installing it on their systems.
However, Kaspersky warns the latest version of Flashfake does not require any user interaction and is installed via a drive-by download, which occurs when victims unwittingly visit infected Web sites, allowing the Trojan to be downloaded directly onto their computers through Java vulnerabilities.
Kaspersky experts indicate that cyber criminals use Flashfake to issue malware onto compromised machines to steal passwords and credit card details.
Although Oracle issued a patch for this vulnerability three months ago, Kaspersky says Apple delayed in sending a security update to its customer base until 2 April.
“The three-month delay in sending a security update was a bad decision on Apple's part,” Kaspersky Lab's chief security expert, Alexander Gostev, points out.
Gostev says that, firstly, Apple does not allow Oracle to patch Java for Mac as Apple normally does this itself, usually several months later. “This means the window of exposure for Mac users is much longer than PC users.
“This is especially bad news since Apple's standard anti-virus update is a rudimentary affair, which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time. The problem is exacerbated because - up to now - Apple has enjoyed a mythical reputation for being 'malware free'. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”
The regions that were most infected include the US (300 917 infected computers), followed by Canada (94 625), the UK (47 109) and Australia (41 600).
Kaspersky security experts urge users who have not updated their systems with the latest security to install an update immediately to avoid infection.
Share