21ST APRIL 2012 by MATTHEW PANZARINO
After a report Wednesday from security company Symantec put the number of Macs affected by the Flashback malware at just 140k, it appeared that Apple’s Java patch was working to reduce infections. But today the discoverer of the Flashback malware, Dr. Web, has produced new numbers that show some 650K Macs still infected by it.
Now, Symantec has recanted, as has Russian firm Kaspersky, in the face of new evidence from Dr. Web about the scope of the infection, reports Computerworld. The numbers that Dr. Web dropped today show that there are still around 550,000 computers that connect to the servers controlled by the botnet on a daily basis.
The number is falling, but there are still new machines, which had never connected to the network before, being recorded. This indicates that the malware is still infecting new computers.
The Flashback malware had spread to some 600,000+ infected systems as of last week, by taking advantage of a security flaw in Java which had been discovered in February. The security of Mac computers at large was obviously in question, so it’s good to see Apple take decisive action, although it would have been nice to see it a bit sooner, as this was a known vulnerability.
The Flashback program installs on an un-patched machine and attempts to harvest web browsing activity, usernames and passwords. It then sends that information to its network of computers across the internet. It is what’s known as a ‘drive-by’ infection because it can install itself on your machine after just a visit to an infected page, without any administrator passwords or installation procedures necessary.
The fact that the numbers are not dropping as dramatically as it first seemed isn’t anything crazy to worry about, but it does show that Apple still has a lot of work to do to contain Flashback. All of this even as a new threat, in the SabPub backdoor infection, rears its head.