Sunday, April 15, 2012

Kaspersky finds largest attack on Mac OS by malware Flashback/Flashfake

Manila, Philippines - Kaspersky Lab, a leading secure content and threat management solutions developer, recently analyzed the Flashfake botnet and discovered a massive number of infected computers worldwide, most likely running Mac OS X. The botnet is being distributed via infected websites as a Java applet that pretends to be an update for the Adobe Flash Player.

About 670,000 computers worldwide, 98 percent of them running Mac OS X, were infected by Flashfake. Kaspersky Lab attests that this is the largest Mac-based infection to date, with the largest number of victims in developed countries. The United States had the most infected computers (300,917), followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600).

Infections were also found in France (7,891), Italy (6,585), Mexico (5,747), Spain (4,304), Germany (4,021) and Japan (3,864), and the Philippines is among the countries that contribute an average count of 1-2,547, said Kaspersky Lab security expert Igor Soumenkov in his blog.

Security expert Alexander Gostev also stated in his blog that they were able to reverse-engineer the Flashfake malware, which enabled them to successfully analyze the communications between infected computers and the command and control (C&C) servers of Flashfake.

“After intercepting one of the domain names used by the Flashback/Flashfake Mac Trojan and setting up a special sinkhole server last Friday, April 6, we managed to gather stats on the scale and geographic distribution of the related botnet. We continued to intercept domain names after setting up the sinkhole server and we are currently still monitoring how big the botnet is. We have recorded a total of 670,000 unique bots. Over the weekend of April 7 to 8, we saw a significant fall in the number of connected bots,” added Gostev.

Kaspersky Lab is also directing users to visit the website www.flashbackcheck.com, specifically made to determine if a computer is infected with the malware using a tool that looks into the device's universally unique identifier (UUID). It also has instructions on how to remove the malware if it is found.

source: mb.com.ph