According to one security company, Dr. Web, there are over 600,000 infected Macs running OSX in the world. About 50% of these are located in the US, with about 250 of them located right in Apple's own home city. The Flashback Trojan first reared its ugly head back in late 2011, when it was found to do many of the same things to the OSX internal protection system that Apple fans have called Microsoft out for. The Trojan poses as a Flash Player plug-in that a compromised site claims needs to be installed to show content (or a video). This drive-by style of attack is a very common way to infect systems and is compounded by the way many advertising systems work. On many sites the ads you see are served up by third-party servers (like Google ads etc.), and these servers can be compromised more easily than the main server that the website is running on. This makes it fairly simple for malicious code to be injected into an ad that might be served on multiple websites. That in turn makes those ad servers an even bigger target, since you get more bang for the buck by breaking into one of them.
Once the Flashback Trojan gets downloaded it will ask for the admin password. If a user gives it out, it will install itself onto the system in the Applications folder. Now, before you think that all you have to do is not type in that admin password, you will want to know that Flashback has something in store for you there as well: even if you decline to type in the password the malware will still install itself, but this time into the user's own account folder. This actually gives it more freedom to operate.
Once Flashback is embedded in the system it goes after the built-in protections that OSX has. To do this it unloads the XProtectUpdater daemon and then overwrites the files with empty placeholders. This means that you cannot update your internal protection system to deal with future threats. To make matters worse, Apple delayed releasing a patch for this until only a couple of days ago. Oracle patched Java for Windows and Linux to prevent this attack vector in February of this year, but Apple only released its patch this week. Simply updating the system to protect against this does not remove the Trojan. Fortunately there are methods to remove this infection (as well as ways to tell if you have it).
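The two symptoms described above, the XProtectUpdater daemon being unloaded and the XProtect definition files being replaced with empty placeholders, can be checked for directly. The script below is an added example, not part of the original article or any Apple or Dr. Web tool; the daemon label and definition-file paths are assumptions based on the OS X 10.6/10.7 layout and should be adjusted for your version.

```shell
#!/bin/sh
# Added defensive check for the Flashback symptoms described in the article.
# Assumed (not from the article): the updater launch daemon is labelled
# com.apple.xprotectupdater and the definition plists live in CoreTypes.bundle.
XPROTECT_DIR="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources"
XPROTECT_FILES="$XPROTECT_DIR/XProtect.plist $XPROTECT_DIR/XProtect.meta.plist"
UPDATER_LABEL="com.apple.xprotectupdater"

# placeholder_files PATH...
# Prints every path that exists but is zero bytes long, i.e. the "empty
# placeholder" the Trojan leaves behind. Returns 1 if any were found, else 0.
placeholder_files() {
    found=0
    for f in "$@"; do
        if [ -e "$f" ] && [ ! -s "$f" ]; then
            echo "EMPTY: $f"
            found=1
        fi
    done
    return $found
}

# updater_loaded LABEL
# Returns 0 if launchd currently lists the daemon, 1 if it does not, and 2
# when launchctl is unavailable (non-macOS host). Run as root so that system
# daemons, not just the user's agents, appear in the listing.
updater_loaded() {
    if ! command -v launchctl >/dev/null 2>&1; then
        echo "launchctl not available; daemon status not checked"
        return 2
    fi
    launchctl list | grep -q "$1"
}

# Overall verdict: 0 = no symptom seen, 1 = at least one symptom seen.
flashback_symptoms() {
    status=0
    placeholder_files $XPROTECT_FILES || status=1
    if ! updater_loaded "$UPDATER_LABEL"; then
        echo "WARN: $UPDATER_LABEL is not loaded"
        status=1
    fi
    return $status
}

[ "${1:-}" = "--check" ] && flashback_symptoms
```

Run it with `sudo sh flashback-check.sh --check`; a non-zero exit means one of the symptoms was seen and the machine warrants a proper removal procedure, which this check does not perform.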
This incident should stand as a VERY important reminder to people: there is no such thing as a secure OS, and every OS out there can be infected with malware.