This article was published on April 21, 2012

Whoops: Symantec was wrong, some 650K Macs still infected with Flashback


Whoops: Symantec was wrong, some 650K Macs still infected with Flashback

After a report Wednesday from security company Symantec put the number of Macs affected by the Flashback malware at just 140k, it appeared that Apple’s Java patch was working to reduce infections. But today the discoverer of the Flashback malware, Dr. Web, has produced new numbers that show some 650K Macs still infected by it.

Now, Symantec has recanted, as has Russian firm Kaspersky, in the face of new evidence from Dr. Web about the scope of the infection, reports Computerworld. The numbers that Dr. Web dropped today show that there are still around 550,000 computers that connect to the servers controlled by the botnet on a daily basis.

The number is falling, but there are still new machines, which had never connected to the network before, being recorded. This indicates that the malware is still infecting new computers.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The Flashback malware had spread to some 600,000+ infected systems as of last week, by taking advantage of a security flaw in Java which had been discovered in February. The security of Mac computers at large was obviously in question, so it’s good to see Apple take decisive action, although it would have been nice to see it a bit sooner, as this was a known vulnerability.

The Flashback program installs on an un-patched machine and attempts to harvest web browsing activity, usernames and passwords. It then sends that information to its network of computers across the internet. It is what’s known as a ‘drive-by’ infection because it can install itself on your machine after just a visit to an infected page, without any administrator passwords or installation procedures necessary.

Apple has said that it is working to attack the botnet that is spreading the infection. It has already released a patch to Java and a standalone removal tool to take care of infections.

The fact that the numbers are not dropping as dramatically as it first seemed isn’t anything crazy to worry about, but it does show that Apple still has a lot of work to do to contain Flashback. All of this even as a new threat, in the SabPub backdoor infection, rears its head.

Get the TNW newsletter

Get the most important tech news in your inbox each week.