
Flashback Trojan Hits 550,000 Macs

By Chloe Albanesius, Executive Editor, News


Analysis of a recent Java flaw exploited by the Flashback Trojan reveals that more than 550,000 Macs were affected in the U.S. and abroad, according to anti-virus vendor Doctor Web.

"This once again refutes claims by some experts that there are no cyber-threats to Mac OS X," Doctor Web said in a Tuesday blog post.

About 56.6 percent of the infected computers, or 303,449, are located in the U.S., while 19.8 percent are in Canada, 12.8 percent are in the U.K., and 6.1 percent are in Australia, Doctor Web said. For more, see the map below.

As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

"The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it," Doctor Web said.

Doctor Web posted a list of some of the websites containing the malicious code, including ustream.rr.nu, bestustreamtv.rr.nu, ironmanvideo.rr.nu, godofwar3.rr.nu, and more. But in all, "links to more than four million compromised web-pages could be found on a Google SERP at the end of March," the firm said.

Some of those who posted to the Apple forums also reported being infected after visiting dlink.com.

The attacks started in February via two particular exploits before switching to another one in March. Apple didn't patch the problem until April 3, however. Doctor Web recommended that all users install the update to prevent infections.

Oracle fixed the same security flaw for Java for Windows, Linux, and Unix in February, Security Watch said.

As Sophos noted in a Wednesday blog post, this is the second widespread malware attack infecting Apple's OS X in the last year. The first one popped up in the first half of 2011, but after Russian cybercriminal Pavel Vrublevsky was arrested, the "problem appeared to be solved," wrote Sophos analyst Chester Wisniewski.

With this latest threat, Wisniewski said Sophos "received a reasonable amount of criticism (as we do every time we discuss Mac threats) about over-hyping the risk and trying to scare people into installing our *free* protection." But, he continued, the "number of attack reports from our customers increased dramatically in the last few days."

Wisniewski also suggested that users install the Apple update, but insisted that "Mac users can no longer rely on simply updating their computers. Preventative protection is an essential defense mechanism to detect and thwart future attacks."

Flashback Trojan Map
