Botnet that controls 1% of Mac computers detected

Flashback is a Trojan for Mac that since 2011 has been going around the net, its first version simulated being a Flash installer (hence its name) and had the ability to disable antivirus, firewall and connect to a remote server to receive instructions from attackers, in other words, it formed a botnet.

Over time different versions appeared and began to spread with more aggressive social engineering techniques and exploits for Mac.

Well, yesterday the security company Doctor Web has published on its site that some of the latest versions of Flashback had under its control over 550 thousand teams worldwide, a figure that increased to 600 thousand hours later as published on Twitter by @hexminer, one of the company's security analysts and specialist in Apple products.

They managed, through a vulnerability, to redirect all botnet traffic to their own servers, thus accounting for infected hosts.

An interesting fact shared by @mikko, one of the F-Secure researchers, is that the Trojan managed to infect more than 1% of the Macs in the world, considering that they are about 45 million computers.

Assuming there are about 45 million Macs out there, Flashback would now have infected more than 1% of them.

Mac is becoming an attractive target for cybercriminals and these numbers reflect the importance of keep equipment up to date, basic measure that all of us must adopt to be safer.If you want to read more on the subject, I recommend the articles published in Apple Security, they have done a complete follow-up on the Trojan since its first version.

Update (Friday 6): According to information shared by Twitter Boris Sharov, CEO of Dr.Web, so far they have been detected 641,684 bots.

You can see statistics for countries and cities Flashback here: blogs.drweb.com/node/893

Update (Saturday 7): Dr.Web has published a tool to verify if a Mac is infected with this Trojan. Link: C&C Botnet HW-UUID checker / more information on its use.

Update 4/15: The number of computers infected by this Trojan has decreased and Apple has published a cleaning tool that eliminates Flashback through its update system. For more information about it, I recommend reading this complete article on Apple Security.

Note: the image that accompanies the post is part of a howtogeek.com wallpaper