In association with heise online

01 May 2012, 11:43

Flashback: two thirds of all infected Macs run Snow Leopard

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Clearly discernible: the malware seems to be particularly comfortable on Snow Leopard (Darwin kernel versions 10.x), but it also likes Leopard (kernel versions 9.x), which is completely defenseless against the trojan
Source: Dr.Web
According to a report by Russian IT security firm Dr.Web, the Flashback malware has made itself particularly comfortable on systems running Mac OS X 10.6 Snow Leopard. The anti-virus specialist and discoverer of the currently active Flashback variant has recorded and evaluated the botnet's communications.

Dr.Web says that Apple computers running the predecessor to 10.7 Lion, 10.6 Snow Leopard, are particularly affected. Almost 63% of infected Macs run Snow Leopard, and another quarter use Mac OS X 10.5 Leopard. Only 11% of systems infected with the Flashback botnet are unpatched Lion machines.

Leopard users currently have no official way of protecting themselves against the trojan, because Apple only provides security updates for Snow Leopard and Lion. Making matters even worse, the Flashback malware removal tool only works under Mac OS X 10.7.

One of the likely reasons why significantly fewer Lion systems are affected is that Java is no longer a default component of the latest Mac operating system and must be installed manually. Apple's future plan is to completely abandon its own Java development and leave it to Oracle, which published its first sponsored Java release for Mac OS X last week.

Zoom Only few users have granted administrator privileges to the Flashback trojan
Source: Dr.Web

However, it appears that Mac users tend to be more suspicious when being asked for their admin password – Flashback must make do without root on 88% of infected computers. The trojan initially asks users to enter an administrator name and password.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit