Posts Tagged Anti-Virus

Antivirus Researchers Confirm: Flashback Still Infects More Than 500,000 Macs – Forbes

Andy Greenberg

Andy Greenberg 


Antivirus Researchers Confirm: Flashback Still Infects More Than 500,000 Macs


Dr. Web’s count of Macs actively running Flashback over the last weeks, showing more than half a million machines still infected.


On Wednesday, I wrote that antivirus firms disagreed by enormous margins on how many Macs remain infected by the Flashback trojan, with Kaspersky reporting as few as 30,000 machines still infected and Dr. Web, the Russian security company that first spotted the botnet, counting well over half a million Macs still running the Flashback malware.

Now Symantec has revised its findings, and they don’t look good. The antivirus firm, which earlier reported that only 140,000 machines were infected, now agrees with Dr. Web that the number is probably closer to four times that many.

Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding much slower than expected: On Friday, the Russian firm released new data showing that 566,000 active infected machines were counted Thursday and 610,000 counted Wednesday. (See chart above.)

Apple released a tool to remove Flashback from Macs late last week, along with several updates to Java over the last month designed to block Flashback’s method of infecting users who visit rigged WordPress blogs that exploited a vulnerability in the plugin. But the slow cleanup rate that Dr. Web has reported implies that only a fraction of users have run Apple’s cleanup program. “There are millions of people who still believe Mac is safe,” Dr. Web chief executive Boris Sharov told me when I spoke with him about his firm’s numbers Wednesday. “They don’t care. Plenty of people are not updating their Java. They say ‘I’m too busy, let’s wait until I have time.’”

Antivirus firms have been tracking the volume of Flashback’s infections by creating false command and control servers–known as sinkholes–to watch how many infected machines phone home to the spoofed machines.  Sharov told Wednesday that the other antivirus firms were underestimating the volume of Flashback’s remaining infections because they didn’t have as many command control domains registered as Dr. Web. But Symantec initially disagreed with Dr. Web’s assessment, arguing that all the malware currently cycles through all domains, so any sinkhole should give the count.

But on Friday Symantec updated its blog post to say that in fact, Dr. Web was right. An error in the malware was causing it to “hang” on certain domains and preventing them from registering on Symantec’s sinkhole.

“We were trying to understand the huge discrepancy between our numbers and Dr. Web’s. After reading Dr. Web’s blog, we now believe that between where we were measuring and they were measuring, a server was holding connections” preventing Symantec’s sinkhole from accurately measuring the botnet, Symantec’s Liam O Murchu says. “We’re now confident that what they’re seeing is accurate.”

So far, Flashback has been used only for click fraud, though like any Trojan it’s capable of updating itself for other nasty activities like credit card theft or denial of service attacks.

Apple’s Flashback removal tool can be found here.

 Antivirus Researchers Confirm: Flashback Still Infects More Than 500,000 Macs – Forbes.

, , , , , , ,

Leave a comment


Off the charts...

Thoughtfully Prepping

My Scribblings about Prepping and Survivalism

Mongos Blognet

“Logic will get you from A to Z; imagination will get you everywhere," said Albert Einstein.

The Better Man Project ™

a journey into the depths

Don Charisma

because anything is possible with Charisma

∙ tenderheartmusings ∙

we were born naked onto the page of existence; with nothing but the pen of our soul to write ourselves into eternal ecstasy ~ DreamingBear Baraka Kanaan

The Wine Wankers

G’day, you’re at the best wine blog ever! We're all about wine; without the wankery.

Good Time Stories

Inspiring and Heartwarming Stories

musings from a musical mind

60's flowerchild,herbalist,dreamer, seeker of truth


The Diary of a Retiree


Your Stories, My Stories, Our Stories


A fine site


Finishing Lifes Race Strong

Deep Shit Media

Alternative Sovereign Communications

38 Years

Perspective from the middle ages of life


A great site

Chastisement 2014

He is ready to separate the chaff from the wheat with his winnowing fork

Direct From The Street - Stuff We And People Share

Photos, Videos, Articles - Business, Social Media, Marketing, Entertainment, Fashion, Sports, Life


Get every new post delivered to your Inbox.

Join 366 other followers

%d bloggers like this: