Russian anti-virus vendor Dr. Web conducted a study on infected Macs running OS X, saying 500,000 are infected. A Dr. Web malware analyst later said on Twitter that figure had risen to 600,000.

274 of those computers are based in Cupertino, California, the report said. The viruses are coming through an exploit called BackDoor.Flashback.39. When visiting a Web page with the exploit, JavaScript code is used to load a Java applet containing the exploit. The report lists various Web site that infect Mac laptops, all having rr.nu domains, with over four million websites found to be compromised at the end of March.

Some users on Apple's forums have also been exploited through dlink.com.

"The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1," Dr. Web said.

An earlier version of the exploit was released back in February 2011, which installed through Flash Player. The latest version prompts users for a password, which is irrelevant as the infection is installed anyway.

Dr. Web say 57 percent of the infected computers are based in the U.S., with 20 percent in Canada.

A previous fix for Java in Windows was released earlier this year, but not for OS X as Apple ports over updates months after.

"Security experts have long warned that this delay in delivering Java patches on Mac OS could be used by malware writers to their advantage, and the new Flashback.K malware confirms they were right," PCWorld reports.

On Tuesday, Apple released a security update for OS X Java to fix the vulnerability exploited by the latest Flashback Trojan malware. So updating to the latest version of OS X is critical as the malware installs itself. If a computer is suspected to be infected, F-Secure have instructions on how to check in Terminal.

"There are rumours that a new exploit for a different unpatched Java vulnerability is currently being sold on the underground market and could be used to target Mac users in a similar way in the future," F-Secure said.

(reported by Jonathan Charles, edited by Surojit Chatterjee)

© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.