The trojan contacts a control service. Once contact has been made it can download and run the payload on the infected machine. It can run any executable received from a server.
Over 550 000 infected machines running Mac OS X have been a part of the botnet on April 4. These only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification. Most infected computers reside in the United States (56.6%, or 303,449 infected hosts), Canada comes second (19.8%, or 106,379 infected computers), the third place is taken by the United Kingdom (12.8% or 68,577 cases of infection) and Australia with 6.1% (32,527 infected hosts) is the fourth.
The 550,000 number has since been updated to 600,000. "At this moment botnet Flashback over 600k, include 274 bots from Cupertino", tweeted Sorokin Ivan of Dr. Web.
Apple yesterday released a security fix for the Java vulnerability. F-Secure has instructions for detection and removal.
Read More [via Ars]