600,000 Macs compromised by Flashback botnet

Apple users will be suffering a crisis of faith, as it was revealed its faith-based security system failed to prevent over 600,000 Macs around the world from being compromised by the Flashback Trojan.

Flashback is designed to steal personal information from the hapless Mac users, who have mostly been twiddling their thumbs, satisfied with the impenetrable fortress of security that Apple’s machines are, for some reason, perceived to be. It worms its way onto OS X machines and requests administrator passwords – if a user hands that over, the trojan will install itself into the machine and comb for personal details.

Russian antivirus company Dr. Web first reported that 550,000 Macs around the world had been compromised by the creeping botnet. Later on, CNET reports, one of its analysts said that the figure was more likely to be around 600,000. That included 274 bots discovered in Apple’s stamping ground, Cupertino.

The botnet originally disguised itself as a Flash plug-in. New variants have been popping up since, as it started exploiting a range of Java vulnerabilities to target Macs.

Apple has now released a patch that should squash the vulnerability. Whether or not Apple users will rush to protect their machines is another matter. Earlier this week, Sophos’ Graham Cluley urged users to be vigilant. There had been a “flood of Mac malware activity” against users in mid-2011, with a steady stream since.

Users were encouraged to consider that many cyber attacks are not specifically technical, but rely on social engineering and human folly.

Apple fans would be “foolhardy” not to protect their Macs with anti-virus software and to keep it updated, Cluley said. “Especially as there are free Mac anti-virus options available, you really have nothing to lose”.