Blue Coat - Security Blog: A Look Back (and Forward) at the Flashback Attack

/Home/Internet Security: Blogs/Internet Security: Blue Coat blog/Blue Coat Security Blog: 2012

April 20, 2012
By Chris Larsen | Co-Author Patrick Cummins

[I sneaked an occasional peak at my e-mail last week while on vacation, and saw that there was a lot of discussion happening about the "Flashback" attack. Since I could see that the team was already researching, I didn't worry much, and figured I'd catch up on the story when I got back. As it turns out, there was a lot to catch up on.... Special thanks to Patrick, who heads our botnet team, and who did much of the research legwork that I used as a starting point. --C.L.]

April has seen the emergence of the first major Mac botnet (commonly labeled as either "Flashback" or "Flashfake"). Good historical overview on the ZeroDay blog, which notes that the Flashback bot software has been around since at least September 2011. The ZD blog also contains a link to the post from Dr Web that really caused the media frenzy when it broke the story (on 4/04) -- most of the coverage choosing to play up the "Macs can get malware after all!" angle. And it's hard to fault the media for seeing this as a newsworthy event, since the published estimates placed the number of infected Macs at over 670,000 -- or roughly 1 in 100 Macs worldwide.

Click the URL above to read the full article