Apple Inc. (NASDAQ:AAPL) is known for being pretty good about the security of its computers and other devices. However, apparently a virus which first surfaced in 2011 is still actively infecting Apple computers. That’s according to a post this week from Intego, a Mac security software company.
How the Flashback Trojan virus works
The virus is known as OSX / Flashback.A, or just Flashback for short. Starting in 2011 and running through 2012, it had captured approximately 650,000 Apple computer users in a botnet. The virus was tricking users into installing a Flash player package which was malicious using social engineering techniques. Later new versions of the virus utilized exploits of Java and also drive-by downloads.
After the virus is installed on an Apple computer, it creates a backdoor and then is able to capture virtually any activity which is done on the computer. Hackers have almost open access to these computers and are able to steal usernames and passwords and do just about anything else they want to these infected machines.
Apple’s protections prove ineffective
In 2012, Apple Inc. (NASDAQ:AAPL)’s Product Security Response team pushed out security updates, a Malware Removal tool and Xprotect but Intego reported that these measures only divided the count of infected computers by six. Apple then took steps to close down the malicious domains, acquiring all of the generated domains through the end of 2013. However, Intego says all of that wasn’t enough.
The company said it bought some of the “command and control” server domain names so that it can monitor the threat posed by the Flashback Trojan virus. Starting on Jan. 2, the firm studied the domains it had acquired and recorded the connections showing where the virus is still active on Apple computers and trying to reach the command and control servers.
After five days, they discovered that there are still at least 22,000 machines infected by the virus. In addition, they said although the malicious domains are still registered by Apple, the virus’ author could buy back those domain names in the future. Other hackers could also gain control of the botnet if security researchers stop watching the domains. Conveniently, Intego offers an antivirus product which they said can find and remove the Flashback and other malware on Apple computers.