Contradicting Earlier Reports, Flashback Malware Infections Still High
Flashback infections are increasing! Flashback infections are decreasing! Flashback infections are staying the same!
So which is it?
Here's the backstory: As we reported previously, Mac users have been hit with a nasty bit of malware that requires absolutely nothing on their part – save for visiting malicious websites – in order for Flashback to enter their systems. It's easily preventable, so long as one disables Java in one's browser or updates Java to the most current version. In fact, keeping one's Apple system current with all of its updates is one of the best ways to thwart any kind of malware, not just Flashback.
Finding out if you're infected with Flashback is similarly easy, as is removing it. But it remains to be seen whether users are doing so in great amounts. That, or whether a bunch of new Macs are being infected even considering the stream of official updates designed to prevent them from being hit.
Symantec reported this past Wednesday that the number of total Flashback infections was down to approximately 140,000 from around half a million. However, the company has since revised its estimate to note that its method for detecting infected systems is reporting "limited infection counts," as discovered by virus analysts at Dr. Web.
"The botnet statistics acquired by Doctor Web contradicts recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39. The number is still around 650,000," reads a blog post on Dr. Web's site.
Flashback Trojan Still on 140,000 Computers
The impact of the Flashback Trojan that hit more than half a million Macs earlier this year is on the decline, but it is still present on at least 140,000 computers, according to new stats from Symantec.
"The statistics from our sinkhole are showing declining numbers on a daily basis," Symantec said in a Tuesday blog post. "However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case."
The number of computers currently infected has "tapered off," but is currently hovering around the 140,000 mark, Symantec said. Given the number of tools released to fix the issue, the firm expected "a dramatic decrease."
Last week, Symantec said it had detected about 270,000 computers infected with the Flashback Trojan, down from a high of 600,000 on April 6 and 380,000 on April 10. For more, see the chart below.
Flashback Trojan Hits 550,000 Macs
Analysis of a recent Java flaw exploited by the Flashback Trojan reveals that more than 550,000 Macs were affected in the U.S. and abroad, according to anti-virus vendor Doctor Web.
"This once again refutes claims by some experts that there are no cyber-threats to Mac OS X," Doctor Web said in a Tuesday blog post.
About 56.6 percent of the infected computers, or 303,449, are located in the U.S., while 19.8 percent are in Canada, 12.8 percent are in the U.K., and 6.1 percent are in Australia, Doctor Web said. For more, see the map below.
As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.
"The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it," Doctor Web said.