Earlier this month, the Mac community first became aware of Flashback (or Flashfake), a nasty piece of malware that used a Java exploit to turn infected computers into part of an ever-growing botnet. When its presence was announced, it was estimated to have infected over 600,000 computers. Now, thanks to quick action by Apple and security firms, the number of infected computers is estimated to be under 30,000. However, this probably marks the death of Mac’s fictional invulnerability to malware and other digital nasties.
The security firm Kaspersky Labs told Ars Technica that the Flashback botnet was in a tailspin, though 30,000 is still a fairly large number of infected computers. Interestingly, the security firm’s Kurt Baumgartner revealed what they believe is the business model behind the malware. They speculate that the malware came from a small group of hackers based in Europe who were hoping to net ad revenue by pushing their botnet of users toward particular URLs. From Kaspersky Lab:
[…] They haven’t commited large unique financial crimes to attract the attention of law enforcement, and their malware contains hooks and other code to perform more sophisticated banking crime than search traffic hijacking, but they most likely were looking to make a multitude of small financial gains. […] But based on the domain registrations we have examined, the individuals are not quite so public and they are hiding their identities while they hijack search engine traffic. The malware itself injects a number of hooks into running applications, much like the Zeus, SpyEye, and other spyware. If these were used for financial crimes, the group operating this botnet would need to organize money mules and accomplices to launder their stolen money, which would grow the group and attract the attention of other authorities.
That’s the good news: The botnet is shrinking, and no sensitive information appears to have been accessed by the malicious software. However, that’s about all the good news there is. Baumgartner writes that an uptick in malicious software targeted at Macs coincides with the computers now being responsible for 5% of all desktops and laptops — a 15 year high for the company. He believes that this is a critical turning point for malicious software creators, as there are now enough Macs to warrant hacker’s attention.
The takeaway is that no computer, no matter the maker, is immune to malware. With the growing number of Macs, Baumgartner expects that Flashback won’t be the last successful malware to go after Apple users. Next time, it might not be so benign, either.
UPDATE: The original discoverers of the Flashback trojan state the above numbers have been misreported, and have corrected the total here.
(Kaspersky Lab via Ars Technica via Techmeme, image via Ars Technica)
- Flashback had over half a million computers infected
- Then Apple pushed out a security update
- And a removal tool
- But then a new piece of malware popped up
