September 19, 2012 | San Diego, CA | Press Releases

ESET Reveals Further Facts about OS X Flashback Trojan, the Most Widespread Mac Malware to Date

ESET, the leader in proactive protection celebrating 25 years of its technology this year, has performed a deeper investigation into the OS X Flashback Trojan on Apple Macs and come up with some interesting facts you might want to consider in order to protect your day-to-day use of Macs at work and home.

OS X/Flashback is, by far, the most widespread malware we have seen targeting Mac systems. During our investigation, ESET saw hundreds of thousands of infected systems forming a large botnet. We first added detection for OS X/Flashback in September 2011.

“A real spike in infections started in March 2012, when this threat started propagating by exploiting a vulnerability in the Java interpreter shipped with Apple’s OS X. During the first days of April, ESET deployed monitoring systems to gain a better understanding of the size of the infected population. Just a couple of weeks after that, at the beginning of May 2012, the last command-and-control (C&C) server used to manage the botnet of infected machines went offline. Since then, we can say that the botnet is effectively dead,” said Pierre-Marc Bureau, ESET Senior Malware Researcher.

ESET decided to investigate the OS X/Flashback malware for several reasons. First, it uses novel techniques to spy on users when they are browsing the web. This malware also makes use of multiple methods to connect to its C&C server for redundancy, including dynamically generating domain names and searching for hashtags on Twitter. Finally, the scale of the infection made it very interesting, because a botnet utilizing hundreds of thousands of infected Macs is unprecedented. 

“Various teams at ESET participated in the investigation. At our Bratislava headquarters, one team created a generic detection algorithm for the bot, while teams in Prague and Montreal reverse engineered the OS X code,” elaborated Bureau.

ESET’s primary objective has always been the mitigation of threats, and given the scale of OS X/Flashback, we needed to perform two activities. First, we wanted to inform users about this malware so they could check their systems and, if infected, clean them. Second, we collaborated with others in the security industry to register as many of the domain names created by the bot’s domain name generation algorithm as possible, thus preventing the botnet master from sending update commands to already infected systems.

The infographic attached highlights statistics from the top affected countries in order to give you a better idea of the scope of the spread of the Flashback Trojan worldwide, and clearly shows the value of adding an additional layer of protection to Mac OS X systems.

About ESET

ESET is on the forefront of security innovation, delivering trusted protection to make the Internet safer for businesses and consumers. IDC has recognized ESET as a top five corporate anti-malware vendor and one of the fastest growing companies in its category. Trusted by millions of users worldwide, ESET is one of the most recommended security solutions in the world. ESET NOD32 Antivirus consistently achieves the highest accolades in all types of comparative testing, and powers the virus and spyware detection in ESET Smart Security and ESET Cybersecurity for Mac. Sold in more than 180 countries, ESET’s global headquarters is in Bratislava, Slovakia, with distribution headquarters for North America located in San Diego, California. ESET also has offices in Buenos Aires, Prague, Krakow and Singapore and is represented by an extensive global partner network. For more information, visit or call +1 (619) 876-5400.