Flashback botnet decline not as fast as expected
Posted on 18.04.2012
Given the attention that the Flashback Mac malware has received since the discovery of the 600K-strong botnet of computers infected with it, and the number of tools that various security firms and Apple have issued for its removal, it's somewhat disheartening to hear that the botnet still counts around 140,000 zombies.

"We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case," commented the Symantec researchers, who have set up a sinkhole to monitor the botnet's existence but offered no explanation for the unexpectedly slow decline.

The researchers say that the domains hosting the C&C server for the botnet change every day, and that they are not limited to the .com domain, but will also be set up on the .in, .info, .kz and .net top-level domains.

They also point out that among the new features of the Trojan is the ability to "retrieve updated C&C locations through Twitter posts by searching for specific hashtags generated by the OSX.Flashback.K hashtag algorithm."

Users who haven't yet installed the latest Java update (for OS X Lion and OS X Snow Leopard) are advised to do so because the Java vulnerability (CVE-2012-0507) misused by Flashback is currently being exploited to install another Mac Trojan called SabPub, and others can crop up at any time.





