Saturday, 21 April 2012 17:27

Symatec Claims Flahsback Infections Down to 140,000; Dr. Web Says They Are Wrong

Written by

Reading time is around minutes.

14621rotten_appleAlthough it will come as no surprise to anyone really the is now a report stating that Symantec’s estimation of the number of infected Macs with the Flashback Trojan might have been a tad low. You all remember that a couple of weeks ago Apple admitted to the malware and its effect on OSX. They finally released a patch for the affected subsystem (the Java API in Safari) and then released a tool that was supposed to identify and fix infected systems. This was actually after Kaspersky and F-Secure released tools to perform the same task.

With the announcement of this and the fact that some 600,000+ Macs were infected with a malware that was capable of stealing personal information (including banking data) the internet went crazy. Malware companies and websites started going back and forth about the malware and Apple’s stance on malware protection (something we have covered multiple times). It seemed like the myth of OSX’s invulnerability to malware was finally and irrevocably broken by the discovery of this malware masquerading as a flash player plugin update.

So with multiple identification and removal tools, a patch (actually two patches) from Apple and a ton of consumer awareness many thought it was only a matter of time before Flashback was history. Symantec and other malware tracking sites even reported that the number of infected systems checking in is dropping (Symantec stated it was down from 600,000+ to around 140,000 in a blog post).

However, there is a small yet nasty fly in the ointment here. It seems that Dr. Web (the security company that found the botnet in the first place) is still showing a rather alarming number of infected systems connecting to the command and control servers. In fact if you look at their data it shows that from a high point of 673,037 unique IPs checking in around the 16th the number has only dropped 106,264 to 566,773. So who is correct here?
en_grafik_map_Flashback_20_ap
We there is an interesting note to all of this. According to Kaspersky roughly 205,622 Mac systems have used their online detection and removal tool Out of that number only 3,624 we found to be infected. Now at the height of its infection the Flashback bug represented about 2% of the Macs out worldwide. At 673,037 that 2% means there are roughly 33,651,850 Macs running OSX globally (if the numbers are right).  So far less than 1% (0.6%) has checked in to use the Kaspersky tool. This is not saying that other people did not use Apple’s removal tool or correct the issue another way, but considering the numbers, the publicity and the fact that there are some that claim Dr. Web made it all up (we have seen multiple comments that state this) we wonder if there are some that are still clinging on to the mythology or that believed it so much they no longer allow updates. Considering the fact that you can still ignore updates even in Snow Leopard this last one is very likely the case. In fact some of the data points to the fact that the majority of infections appear to be from consumer systems, while the majority of check ins have been from corporate own devices (this is checked using IPs as IP pools are listed as residential or commercial).

All of this makes for a very interesting situation that is a little humorous to many Windows users ho were getting tired of hearing about how Mac cannot get malware.

Discuss this in our Forum

Read 2511 times Last modified on Saturday, 21 April 2012 17:39

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.