Trojan used hacked WordPress sites to carry out mass Mac infections

23 April 2012

The Flashback trojan, which infected more Macs than any other malware in history, used hacked WordPress sites to get onto machines, according to Kaspersky Lab researcher Vicente Diaz.

Diaz told a webinar last Thursday that from the end of February to early March, between 30,000 and 100,000 WordPress sites were hacked, with 85% of those located in the US, 18% in Canada, and 9% in Australia.

Computers were infected when Mac users visited a hacked site, were redirected to a malicious site controlled by the Flashback gang using the rr.nu domain, and had malware downloaded automatically onto their machines via a Java vulnerability, Diaz said.

The Kaspersky Lab researcher said that a total of 700,000 Mac users were infected by Flashback over the whole period that Kaspersky Lab maintained a sinkhole. However, the size of the Flashback botnet dropped precipitously in mid-April, to around 30,000 infected Macs as of April 19, Diaz noted. The biggest drop followed Apple's release of a patch for the Java vulnerability and a removal tool for the Flashback malware.

According to Kaspersky statistics, of the 205,622 people who checked their Macs with the company, 3,624 computers were infected, or a 1.76% infection rate.

In a blog post, Alexander Gostev of Kaspersky Lab wrote that Flashback, aka Flashfake, was able to spread so quickly because of the WordPress blog infection technique. The malware had been around since 2008, but the number of infections exploded when the WordPress delivery method was developed.

Flashback used a partnering program based on script redirects from a large number of legitimate WordPress sites that were hacked. “How this happened is unclear. The main theories are that bloggers were using vulnerable versions of WordPress or they had installed the ToolsPack plugin”, Gostev explained.

Diaz made a number of predictions about Mac infections. First, he said to expect more Mac OS X botnets because the Mac's increase in market share has made the platform more attractive to cybercriminals. Second, Mac users should expect more drive-by malware downloads and more cross-platform exploit kits with Mac-specific exploits.

Diaz cautions that Mac users need to employ anti-virus software to prevent infections. Flashback has exposed the myth of Mac OS X invulnerability, he added.
