In the perennial Mac vs. PC debate, Mac users have always been able to cite one incontrovertible fact as an argument for their side: the Mac is far less susceptible than a Windows-based PC to viruses and other forms of malware. Unfortunately, however “less susceptible” does not mean “immune,” and occasionally a bit of malware that is directly targeted at Macs will pop up.
The latest of these is the Flashback botnet, which has apparently infected well over half a million Macs, most in either the US or Canada. Originally discovered last September, a new variant of the Flashback trojan was discovered over the weekend by Doctor Web, a Russian anti-virus company. It targets a previously un-patched Java vulnerability found in OS X. Though the exploit has since been patched, Dr. Web analyst Sorokin Ivan tweeted not long after the initial report that there are still around 600,000 infected Macs throughout the world.
@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko – 285 from Finland
— Sorokin Ivan (@hexminer) April 4, 2012
While previous versions of the malware required direct user interaction to install (it masqueraded as an installer for Adobe Flash Player), the latest variant uses the Java exploit to install without the users’s knowledge. Once installed, it runs when your browser does and modifies the web pages that are displayed.
If you are not infected, the best course of action is to run Software Update on your Mac and make sure you’ve got the most recent version of Java installed. If you don’t know whether you’re infected, F-Secure has posted a detailed walkthrough that will allow you to find and remove the malware using Terminal.
[Hat Tip, CNet]