Major Mac Botnet Infects 600,000 Machines

Dennis Faas's picture

Doctor Web, a Russian antivirus company, recently announced its discovery of covert, zero-day-exploiting Trojan Horse malware which it believes has infiltrated more than 600,000 Macintosh systems worldwide.

A number of other security companies later confirmed that staggering figure is probably accurate.

"Flashback" Trojan Largest Mac Botnet Ever

Doctor Web originally estimated that more than half a million machines were infected with "Flashback." 

This particular instance of malware gets installed on an unsuspecting user's computer during a visit to a previously-compromised website. 

Once infected, the computer is instructed to reveal all the user names and passwords it contains that provide access to a variety of legitimate websites. (Source:

At the moment, Flashback is considered to be solely responsible for what is estimated to be the largest number of infected Apple OS X computers, ever.

Sinkholing the Macintosh Botnet

Doctor Web researchers went on the offensive and successfully "sinkholed" part of the botnet. Sinkholing refers to the process of changing the Internet servers with which a hijacked computer regularly communicates. 

When those servers are under the control of hackers, the computer becomes part of a botnet and is made to perform malevolent activities, such as denial-of-service attacks on innocent websites. 

When the same computer is "sinkholed" into communicating with benign Internet servers, the infected computer stops obeying the botnet commands, and can be cleaned of any software infections.

Doctor Web eventually calculated the size of the Apple botnet at more than 600,000 computers. It did this by counting up the UUIDs (universally unique identifiers) presented by the infected computers' operating systems to the sinkhole servers.

Not long thereafter, popular security companies began to weigh in on Doctor Web's findings.

Major Security Companies Agree with Projections

Brett Stone-Gross, security researcher with the Counter Threat Unit at Dell SecureWorks, said that "the number is entirely feasible," while Roel Schouwenberg, senior researcher at Kaspersky Lab, agreed that although "the number is very, very large, it seems correct." (Source:

Alex Gostov, a chief security expert at Kaspersky, warned that the infection figures are probably accurate, but suggested it remains unclear whether "all (Flashback bots) are Mac users." 

Gostov went on to say that the 600,000 number likely includes infected computers using the Windows operating system, as well as the Apple OS X operating system.

While this Flashback botnet is huge, it is not the largest botnet ever uncovered. 

Windows-based PC botnets have been known to be much larger. Consider the case of Conficker, malware which ultimately hijacked millions of machines around the world).

However, the size of this Flashback infection is unprecedented within the realm of OS X technology.

Rate this article: 
No votes yet