
Flashback Trojan still on 650,000 Macs, security company discovers

Infected machines not showing up thanks to interception


The Mac Flashback Trojan was still installed on more than half a million Apple computers late last week and is declining only slowly, Russian security company Dr. Web has reported.

Although all security companies now agree that the best days of Flashback (or 'Flashfake') are behind it, the new numbers suggest a greater level of infection than has been reported by rivals.

Measured by UUID device identifiers, Dr. Web now believes that at its greatest extent the botnet comprised around 817,000 machines, with an average of 550,000 contacting the command and control servers during any 24-hour period.

By 19 April the bot was communicating with 566,000 Macs, down from 673,000 three days earlier, still considerably higher than Symantec’s estimate last week that the bot’s size had shrunk to 270,000 infected systems, and Kaspersky’s figure of 237,000 on 14 and 15 April.

Some of the confusion could be down to measuring the bot using either IP addresses or device IDs (UUIDs), and doing so at different points in time.

However, Dr. Web thinks it has a better explanation for this discrepancy, which, it said, has to do with attempts by an unnamed entity (presumably a security company) to block the bot’s activity.

Infected bots had been connecting to a server at 74.207.249.7, which was putting them into a suspended state. All machines doing this would no longer be able to communicate and be registered as ‘active’ by security company sinkholes despite still being infected.

“This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of Backdoor.Flashback.39 bots, on the other hand, Dr. Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably,” the company argued.

At least one security company - Mac security specialist Intego - agrees with Dr. Web’s contention that Flashback’s infection numbers have recently been underestimated.

“Intego has analyzed the malware, and, following discussions with other security companies, has determined that not only are these numbers [the lower estimates] incorrect, they are underestimating the number of infected Macs,” the company announced in a Friday blog post.

If this is correct, it does at least mean that while infected, these machines are now dormant and presumably beyond the control of the bot controllers.

On Friday, Kaspersky offered more information on how the malware was able to infect its victims through WordPress blog sites that had been compromised to host a malware redirection script.


