Mother of all Mac botnets? BackDoor.Flashback.39 spreads

Hardly. With 600,000 zombie Macs enslaved, doing no one knows what, this is hardly the world’s biggest botnet. However, it’s something of a wake-up call for fans of the fairer platform. Are you infected? Here’s how to check.
Russian security site Dr Web is reporting that a botnet created by the BackDoor.Flashback.39 trojan has taken over and enslaved somewhere in the neighborhood of 600,000 Macs, including a number in Cupertino — that’s more than a little embarrassing.
Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java applet containing an exploit.
That said, F-Secure has published a method for discovering if a Mac has been taken over. First, fire up Terminal — in your Mac’s Utilities folder — and then paste the following command(s) and hit enter:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
• If you get this result — The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist — you’re good.
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
• If you get this result — The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist — again, you’re good.
If you get any other result, click through to F-Secure for the full removal method.
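The two checks above can be run together and interpreted automatically. The script below is an added example, not code from F-Secure or from this article; the function names are hypothetical, and the verdict rule is the one given above: a "does not exist" reply means clean, any other result means follow up.

```shell
#!/bin/sh
# Added example: wraps the two `defaults read` checks from the article.
# Function names are hypothetical; the verdict rule is the article's.

# check_pair DOMAIN KEY -> prints "clean" or "suspect: <value returned>"
check_pair() {
    # defaults reports a missing pair on stderr with a non-zero exit,
    # so capture both streams and ignore the exit status
    out=$(defaults read "$1" "$2" 2>&1) || true
    case "$out" in
        *"does not exist"*) echo "clean" ;;
        *) echo "suspect: $out" ;;
    esac
}

# flashback_scan -> one line per check; returns 1 if any check is suspect
flashback_scan() {
    rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}    # everything before the last space
        key=${pair##* }      # everything after the last space
        verdict=$(check_pair "$domain" "$key")
        echo "$domain $key: $verdict"
        case "$verdict" in
            clean) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Run only where the macOS `defaults` tool is present
if command -v defaults >/dev/null 2>&1; then
    flashback_scan || echo "Unexpected result: see F-Secure's removal method."
fi
```

A "suspect" line prints whatever value `defaults` returned, which is the information the removal method asks for.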
Additionally, Apple’s latest Java updates for OS X Lion and Snow Leopard patch the vulnerability used by BackDoor.Flashback.39 — get the update and obviate the attack.
For what it’s worth, given that most people don’t use Java daily, it can’t hurt to turn Java off until you actually need it.
Learning from the past
Back in 2009, a 250,000 Mac botnet was created by a pair of trojans — OSX.Trojan.iServices.A and OSX.Trojan.iServices.B — that spread via infected pirate copies of iWork ’09. In that case, users needed to voluntarily install the trojan.
The difference this time around is that BackDoor.Flashback.39 silently installs its botnet payload without any user interaction. That’s more than a little scary.
So, now would be a good time to check to see if you’ve been infected and, yeah, download and install the latest version of Java from Apple…
What’s your take?

[...] Mac may have been compromised and taken over, the Fairer Platform has published an easy to follow diagnostic how to — you will know in moments whether or not you are [...]
Everyone but Mac owners knew this day was coming. Middle finger to ALL of you that have boasted about your elitist position. And all of you have, at one time or another, you know it, I know it, we know it.
[...] #1 Turn off Java in Safari — The BackDoor.FlashBack trojan is infecting Macs running out of date Java, creating a 600,000-plus Mac botnet, likely the largest in history. An easy way to obviate the threat is to turn off Java in Safari — Safari > Preferences > Security > Deselect Enable Java — See also: Mother of all Mac botnets? BackDoor.Flashback.39 spreads [...]
[...] can detect and remove FlashBack via the command line. And, of course, a range of antivirus apps can diagnose and remove the [...]