OIT investigates Flashback botnet on campus computers
When Russian antivirus company Dr. Web announced recently that it had found a botnet with more than 600,000 Apple computers in it, OIT Security and Compliance began tracking campus computers that were connecting to the Flashback botnet. A botnet is a collection of compromised computers controlled from a single source to send spam, execute denial-of-service attacks and commit click fraud. This botnet is not the largest ever, but it is the biggest ever made up mostly of Apple computers.
OIT Security and Compliance has determined that more than 460 Mac users on campus have visited malicious Web pages that spread the Flashback Trojan and that at least 200 user machines have been infected. The numbers could have been higher, but it seems the malware doesn’t install if the user has Skype or MS Office installed. It will, however, install if the user enters an administrator password when prompted by the Trojan. The Flashback Trojan is also spreading to Apple computers via a Java exploit. To prevent infection, Mac users should install the Java patches from Apple using the Software Update option under the Apple menu of the Mac computer.
OIT Information Security Services will continue to track the Flashback botnet activity on campus and will notify affected campus users. If you would like to check your Mac for the Flashback Trojan, run the FlashbackCheckerApp, which can both detect and remove the Flashback Trojan.