Russian anti-virus vendor Doctor claims that the
BackDoor.Flashback botnet has infected more than 550,000
computers running Mac OS X, most of which are located in
the United States and Canada.
This once again refutes claims by some experts that there
are no cyber-threats to Mac OS X.
"Over 550 000 infected machines running Mac OS X have
been a part of the botnet on April 4, Doctor Web said.
"These only comprise a segment of the botnet set up by
means of the particular BackDoor.Flashback modification.
Most infected computers reside in the United States
(56.6%, or 303,449 infected hosts), Canada comes second
(19.8%, or 106,379 infected computers), the third place
is taken by the United Kingdom (12.8% or 68,577 cases of
infection) and Australia with 6.1% (32,527 infected
hosts) is the fourth. "
Systems get infected with BackDoor.Flashback.39 after a
user is redirected to a bogus site from a compromised
resource or via a traffic distribution system. JavaScript
code is used to load a Java-applet containing an exploit,
Doctor Web said.
According to some sources, links to more than four
million compromised web-pages could be found on a Google
SERP at the end of March. In addition, some posts on
Apple user forums described cases of infection by
BackDoor.Flashback.39 when visiting dlink.com.
The anti-virus vendor's data showed that attackers had
begun to exploit vulnerabilities to spread malware in
February 2012, and by March 16 they had switched to
another exploit. The vulnerability has been closed by
Apple on April 3 2012.
Of course, given that the company reporting these numbers
is in the business of selling antivirus software,
supporters of the 'virus-proof' OS X could claim that
such a report was aimed at boosting Mac antivirus
software sales.