
riso

Mass Mac botnet built by criminals
« on: April 05, 2012, 01:41:26 PM »
Criminals exploiting a slowly patched vulnerability in Apple's OS X software have built a botnet of at least 550,000 infected Macs, according to research from a Russian security firm.

Apple has been criticised for taking six weeks to patch a critical Java vulnerability, and the research from security firm Dr Web shows how costly the delay may have been.

According to the company's research, the “BackDoor.Flashback” botnet has infected 550,000 PCs, mostly in the US and Canada. Macs are infected with BackDoor.Flashback.39 when users are redirected to malware sites.

The company said as many as four million pages were carrying the infected code, which saves an executable file onto the hard drive of the infected Mac, before downloading a malicious payload from a remote server and logging on to a network of control servers.

The company said it used the network identifier within the malware to count infected machines.

“Each bot includes a unique ID of the infected machine into the query string it sends to a control server,” the security company said in a blog post.

“Dr Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.”

The company said the 550,000 infected machines it had counted “only comprise a segment of the botnet set up by means of this particular BackDoor.Flashback modification”.

Of the infected Macs, the figures showed 56.6% were in the US, 19.8% were in Canada, and the UK accounted for 12.8% of infections.

According to security firm Sophos, the exploit is being used by criminals to steal passwords and banking information from Safari and for search engine redirection in order to perform advertising fraud or direct victims to further malicious content.
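The counting method Dr Web describes above (each bot puts a unique ID in the query string it sends to a control server, so sinkholed traffic can be deduplicated by that ID rather than by request or source IP) as an added example; this is not the firm's tooling or code from the post. The log format, the `/check` path, the `uid` parameter name and the IP-to-country table are constructed assumptions, since the post does not give the real Flashback query format. The same ID-based deduplication is what lets a sinkhole operator distinguish 550,000 hosts from the much larger number of check-in requests those hosts generate.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sinkhole access-log lines (Apache combined-style). The "/check"
# path and the "uid" bot-id parameter are assumptions, not the real Flashback
# format. Note the same bot id showing up from two different source IPs, and a
# crawler hit with no bot id at all.
SINKHOLE_LOG = """\
203.0.113.10 - - [05/Apr/2012:10:01:02 +0000] "GET /check?uid=A1B2C3&v=39 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Apr/2012:10:31:02 +0000] "GET /check?uid=A1B2C3&v=39 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Apr/2012:10:02:45 +0000] "GET /check?uid=D4E5F6&v=39 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.55 - - [05/Apr/2012:10:03:10 +0000] "GET /check?uid=A1B2C3&v=39 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.56 - - [05/Apr/2012:10:04:00 +0000] "GET /check?uid=778899&v=39 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.57 - - [05/Apr/2012:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "crawler"
"""

# Constructed IP -> country table standing in for a GeoIP lookup (assumption).
GEO = {
    "203.0.113.10": "US",
    "198.51.100.7": "CA",
    "192.0.2.55": "US",
    "192.0.2.56": "GB",
    "192.0.2.57": "US",
}

# Minimal combined-log parser: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_checkins(log_text, id_param="uid"):
    """Yield (bot_id, source_ip) for every request that carries the bot id parameter.

    Lines that do not parse, or requests without the id parameter (scanners,
    crawlers, curious researchers), are ignored rather than counted as bots.
    """
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = parse_qs(urlsplit(m.group("target")).query)
        ids = qs.get(id_param)
        if ids:
            yield ids[0], m.group("ip")


def count_bots(log_text, geo, id_param="uid"):
    """Count distinct bot ids in sinkhole traffic and attribute each to a country.

    Deduplication is by bot id, not by request or by source IP: one infected
    host checks in repeatedly and may appear from several addresses (DHCP,
    NAT, laptop moving between networks), so either of the naive counts would
    overstate the botnet. A bot seen from more than one country is attributed
    to the country of its first check-in.
    """
    first_country = {}
    checkins = Counter()
    for bot_id, ip in parse_checkins(log_text, id_param):
        checkins[bot_id] += 1
        first_country.setdefault(bot_id, geo.get(ip, "??"))
    by_country = Counter(first_country.values())
    total = len(first_country)
    shares = {c: round(100.0 * n / total, 1) for c, n in by_country.items()} if total else {}
    return {
        "unique_bots": total,
        "requests": sum(checkins.values()),
        "by_country": dict(by_country),
        "share_pct": shares,
    }


if __name__ == "__main__":
    print(count_bots(SINKHOLE_LOG, GEO))
```

On the sample above the sinkhole sees five check-in requests from four source addresses but only three distinct bot IDs, which is the gap the ID-based count closes. The caveat in the post still applies to real deployments: a sinkhole only hears from bots whose control-server list includes the domains you control, so the figure is a lower bound for that malware variant, not the whole botnet.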