The trojan, however, would only infect the user visiting the infected web page, meaning other users on the computer were not infected unless their user accounts had been infected separately. Each bot was given a unique ID that was sent to the control server. The malware also switched between various servers for optimized load balancing.
An executable file was saved on the local machine, which was used to download and run malicious code from a remote location. The system was infected after the user was redirected to a compromised bogus site, where JavaScript code caused an applet containing an exploit to load. Ī later variant targeted a Java vulnerability on Mac OS X. The original variant used a fake installer of Adobe Flash Player to install the malware, hence the name 'Flashback'. Web estimated that in early April 2012, 56.6% of infected computers were located within the United States, 19.8% in Canada, 12.8% in the United Kingdom and 6.1% in Australia. This variant of the malware was first detected in April 2012 by Finland-based computer security firm F-Secure.
The findings were confirmed one day later by another computer security firm, Kaspersky Lab. Web, a modified version of the 'BackDoor.Flashback.39' variant of the Flashback Trojan had infected over 600,000 Mac computers, forming a botnet that included 274 bots located in Cupertino, California. According to the Russian antivirus company Dr.