Flashback/Flashfake Botnet Now Reduced to 140,000 Macs

Source: Symantec

There are still around 140,000 Macs infected with the Flashback/Flashfake malware, meaning the decline seen since last week has tapered off.

Despite a fix offered by Apple, Symantec reports that there are still around 140,000 Macs infected with the OSX.Flashback.K malware. To some degree, that's actually good news, as approximately 600,000 Macs were infected as of April 9. Only 380,000 machines had the Flashback/Flashfake malware the next day, and 323,000 the day after that. Fewer than 99,000 were expected to still be infected by Tuesday, yet the number still hovered around the 140,000 mark on Wednesday.

"We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case," Symantec reports. "Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark. As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now."

The security firm added that the recent Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability used to distribute the Flashback Trojan has been spotted distributing another Mac threat called OSX.Sabpab. This trojan has been used in targeted attacks distributed with malicious Word documents exploiting the Microsoft Word Record Parsing Buffer Overflow Vulnerability.

As for Flashback/Flashfake, the company has uncovered new information about its domain name generator (DNG) algorithm. According to the company, it does not limit itself to using ".com" as the top level domain (TLD), but chooses between five domain names. As an example, it can reach out to eeejudpyefmsnd.net or bwincdwtyxsorh.info.

Naturally, Symantec suggests that Mac users have the latest antivirus signatures installed and have applied the latest available patches for both the operating system and third-party applications. A free detection and removal tool for OSX.Flashback.K, the "Norton Flashback Detection and Removal Tool," is also available for download.

Last week Kaspersky Lab also launched its own Flashfake removal tool, but later pulled it over a bug that caused an erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data.

Mac users concerned that they might be infected with Flashback/Flashfake can still use Kaspersky's online tool to scan their system. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then infected Mac users will need to download and run the fixed removal tool when it becomes available.

Check here for Apple's Flashback/Flashfake fix.

Comments
  • 0
    DroKing, April 18, 2012 9:10 PM
    Ok umm and the purpose of this article is? I hope it's not to make dumb people think that macs are still in god mode.
  • 18
    mightymaxio, April 18, 2012 9:19 PM
    ^The purpose of the article obviously is to get us to look at that girl in the picture XD
  • 2
    halcyon, April 18, 2012 9:43 PM
    Quote (mightymaxio):
    ^The purpose of the article obviously is to get us to look at that girl in the picture XD

    +1
  • 0
    Murissokah, April 18, 2012 10:01 PM
    Should we remind everyone that these numbers are actually the number of computers that are trying to reach the command domain? That it does not mean these machines are no longer infected? Nah... let's not mention that.
  • 2
    Trueno07, April 18, 2012 10:02 PM
    Hello OsX welcome to the mainstream!
    We have Viruses, Malware, Anti-Virus, and Anti-Malware!

    ...

    You ready for the kicker? Sometimes they're all the same thing!

    So enjoy your stay and prepare for several more viruses just like this one!


  • 8
    r3cluse, April 18, 2012 10:09 PM
    Quote (mightymaxio):
    ^The purpose of the article obviously is to get us to look at that girl in the picture XD


    There was an article?
  • 1
    donovands, April 18, 2012 10:35 PM
    I'd freaking buy a dozen Macs if SHE came with 'em.
  • 1
    del35, April 19, 2012 1:26 AM
    So much more important news to be read. Why are sophisticated readers being subjected to such irrelevant news?
  • 4
    del35, April 19, 2012 1:41 AM
    Quote:
    Hello OsX welcome to the mainstream! We have Viruses, Malware, Anti-Virus, and Anti-Malware!



    Ummm, a senior citizen told me that someone at the Apple store had told him a few weeks ago that Apple computers were so magical that they could never be infected by viri and that he could open any link and file without worrying. Imagine.

  • 1
    tommychan, April 19, 2012 3:59 AM
    I can only read Mac OS X, Apple and IPOD
  • 1
    shreeharsha, April 19, 2012 6:06 AM
    Quote (mightymaxio):
    ^The purpose of the article obviously is to get us to look at that girl in the picture XD

    Because of which I am not able to read at my work ....
  • 0
    sam buddy, April 19, 2012 5:23 PM
    Apple, being the PR/Marketing company that they are, publish malware reports in cooperation with their partners as often as possible to protect their sales. They have invested so much in their OS being more secure than anything else out there, that now they can't do otherwise. Soon it will become old news, so they won't have to, and their OS will "harden up".

    BTW, can you imagine MS doing the same thing, with media reproducing the reports? We would have to use advanced search strings to find some real news!
  • 0
    Anonymous, June 3, 2012 7:00 PM
    No computer or operating system is immune to this sort of thing.... Macs, until recently, have never been in the hands of as many home-end-users as they have recently before. With this, now virus makers, etc. have an actual reason to start writing viruses and all for Macs because it's worthwhile doing. I hope they go and truly bring out how insecure Macs really are and make this worthless, scamming company called Apple sweat.