A chronology of the BackDoor.Flashback.39 epidemic

• February 2012 An Oracle-released update for the Java Virtual Machine closed vulnerabilities exploited by BackDoor.Flashback.39.
• March 25, 2012 The first Flashback botnet domains are registered.
• March 27, 2012 Doctor Web added the BackDoor.Flashback.39 signature into the virus database used by its Dr.Web for macOS.
• April 3, 2012 Doctor Web analysts reverse-engineered the routine employed by BackDoor.Flashback.39 to generate control server domain names. They then registered several domain names and began gathering statistics by analysing requests received from the bots. More than 130,000 bot replies were registered in the very first hours.
• April 4, 2012 According to data collected by the virus laboratory, the number of infected hosts in the BackDoor.Flashback.39 botnet reached 550,000. Doctor Web issued a press release concerning the BackDoor.Flashback.39 epidemic.
• April 4, 2012 (April 3 for North America). An Apple-released update for iApple Java closed vulnerabilities exploited by Trojan BackDoor.Flashback.39. Due to time zone differences, many macOS users received the update with a significant delay.
• April 4, 2012 The number of hosts in the botnet exceeded 600,000 infected Macs.
• April 4, 2012 Doctor Web sends information on the Trojan issue to representatives connected with Swiss CERT upon their request.
• April 5, 2012 Doctor Web sends information on the Trojan issue to Public Safety Canada upon their request.
• April 6, 2012 Apple released a second update that closed the vulnerabilities exploited by Trojan BackDoor.Flashback.39.
• April 9, 2012 Doctor Web sends information on the Trojan issue to TELSTRA upon their request..
• April 9 and 10, 2012 Some corporation made unsuccessful attempts to block domains used by Doctor Web to study the BackDoor.Flashback.39 botnet.
• April 10 The total number of computers infected by the Trojan exceeded 650,000.
• April 10 Doctor Web sends information on the Trojan issue to Shadowserver.org.
• April 10 Doctor Web sends information on the Trojan issue to French CERTA (Centre d'Expertise Gouvernemental de Réponse et de Traitement des Attaques informatiques).
• April 11 Apple reports that it is developing software that will detect and remove the Flashback malware.
• April 11 Doctor Web sends information on the Trojan issue to Polish CERT upon their request.
• April 11 Doctor Web Anti-Flashback information website went live.