Flashback Trojan: 'Mac Virus' Hits Macs
'Mac Virus': Macs Infected by Malware: Flashback Botnet Spreads
The conventional wisdom states that Macs are immune to viruses, trojans, and other malware. This is not true: Macs are less-easily exploited, but still exploitable. Case in point: the Flashback trojan, whose botnet has infected over 600,000 Macs since it first appeared in September 2011.
(Everyone's calling this a "Mac virus", but it's actually a trojan.)
Most of the Macs pwned by the Flashback botnet are in North America.
Apple has already released a fix: check your Mac's Software Update for the OSX Java patch and install it. Also see:
Mashable has compiled the terminal commands into one-click AppleScripts, which you can download here:
Network security tools such as Little Snitch, Avast!, VirusBarrier, iAntiVirus, or Packet Peeper prevent BackDoor.Flashback.39 from installing. If you're running Leopard or Snow Leopard, of you're running Lion with Java enabled, your machine is exploitable.
The Flashback malware is injected via malicious websites masquerading as legit sites. Be wary of URLs such as:
According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com.
Attackers began to exploit CVE-2011-3544 and CVE-2008-5353 vulnerabilities to spread malware in February 2012, and after March 16 they switched to another exploit (CVE-2012-0507). The vulnerability has been closed by Apple only on April 3 2012.