The attack affects computers running Apple’s Mac OS X software, according to Russian antivirus software maker Doctor Web. Most of the infected computers are in the United States (X) and Canada, the firm said in a blog posting. Apple fixed a security hole this week that let the malicious software spread. Users who haven’t downloaded the necessary updates are vulnerable, Doctor Web said.
“This once again refutes claims by some experts that there are no cyber-threats to Mac OS X,” Doctor Web said. Apple spokesman Bill Evans declined to comment on the hacker attack. He noted that there are 63 million Macs in use worldwide.
Macs have historically been an unappealing hacking target because of their low market share. Instead, criminals have attacked personal computers running Microsoft Corp.’s Windows software, seeking the biggest number of victims for illicit moneymaking schemes. Windows runs on more than 90 percent of the world’s desktop computers, according to market researcher Net Applications.
The attack that Doctor Web analyzed is an especially harmful variety that infects computers without user interaction. To get hit, users just need to visit a poisoned webpage and the infection happens silently in the background. The vulnerability that allows the attack to take place exists in Java, the widely used programming language for building web pages.
Boris Sharov, Doctor Web’s chief executive officer, said in an interview that the spread of the infection appears to have leveled off at around 600,000 computers, a sign of the effectiveness of the security patch. He pointed to a Doctor Web page for detecting and removing the malicious software, which is called BackDoor.Flashback.39.
The malicious software first appeared in September and has gone through a number of transformations since then, targeting Macs and generally being used to steal personal information such as passwords, according to Liam O Murchu, a manager of security- response operations at Symantec Corp.
“It just shows that no matter what operating system you’re using, you can be at risk,” he said in a phone interview today. “No one is immune.”