PhotoA Russian anti-virus company, Doctor Web, has issued a report saying its research shows the Trojan BackDoor.Flashback is now infecting more than a half-million computers running Apple's Mac OS X.

It says most of the infected machines are in the U.S. and Canada. While Apple users have long thought their machines were virtually invulnerable to virus and worm threats, the harsh truth is that most threats were aimed at Windows machines simply because there are so many more of them. With Apple taking a bigger market share, it becomes a more attractive target.

"Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system,” the company said in a press release. “JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.”

According to the security firm, the recently discovered codes include:

  • godofwar3.rr.nu
  • ironmanvideo.rr.nu
  • killaoftime.rr.nu
  • gangstasparadise.rr.nu
  • mystreamvideo.rr.nu
  • bestustreamtv.rr.nu
  • ustreambesttv.rr.nu
  • ustreamtvonline.rr.nu
  • ustream-tv.rr.nu
  • ustream.rr.nu

The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it. Once launched, it gives the hacker control of the user's machine. Doctor Web said it found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1.

The news has Apple user forums buzzing, with Mac owners looking for instructions for determining if a machine is infected. Several users offered simple tests to determine if a Mac is clean or infected. Doctor Web said Apple closed the vulnerability on April 3 by issuing a patch. Users who do not install it remain exposed, according to the security firm.


Share your Comments