Investigations by Russian antivirus firm Dr. Web have concluded that more than 600,000 Mac computers are currently infected by the new strain of Flashback Trojan, with a massive 56.6% of the total infected machines believed to be in the US alone. Apple released an update earlier this week to patch vulnerabilities in Java that could be exploited to run malicious code in a victim's computer, including the newest strain written of the Trojan in question, but this will only protect those that are not already compromised by the malware.
Dr. Web revealed on their website yesterday morning that the Flashback botnet was some 550,000 strong. Later that day, malware analyst Sorokin Ivan revised that figure to more than 600,000 on Twitter.
According to Dr. Web, the US has the most infections with 56.6% of the total infected with the BackDoor.Flashback.39 malware. Of the 300,000 plus infected machines, the Russian antivirus firm also revealed 274 were from Cupertino. Canada had the second highest infection rate with 19.8%, the UK has 12.8% and in fourth place with 6.1% of the total number of infected machines in Australia.
Internet security firm F-Secure has published detailed instructions on how to verify and remove the Trojan should your Mac computer already be infected. Interestingly, they state that the malware can infect a computer even without administrative permissions. "Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done."
The initial route to infection follows the same path. First the user visits a website which has been infected with the Flashback malware. Upon loading the infected webpage the script is executed, and it then immediately checks for the presence of several antivirus products. Should the presence of any be detected, the script then deletes itself and takes no further action.