Posts Tagged Anti-Virus
Antivirus Researchers Confirm: Flashback Still Infects More Than 500,000 Macs
On Wednesday, I wrote that antivirus firms on how many Macs remain infected by the Flashback trojan, with Kaspersky reporting as few as 30,000 machines still infected and Dr. Web, the Russian security company that first spotted the botnet, counting well over half a million Macs still running the Flashback malware.
Now Symantec has revised its findings, and they don’t look good. The antivirus firm, which earlier reported that only 140,000 machines were infected, now agrees with Dr. Web that the number is probably closer to four times that many.
Dr. Web showing that the process of eliminating Flashback from Macs is proceeding much slower than expected: On Friday, the Russian firm released new data showing that 566,000 active infected machines were counted Thursday and 610,000 counted Wednesday. (See chart above.)
Apple released a tool to remove Flashback from Macs late last week, along with several updates to Java over the last month designed to block Flashback’s method of infecting users who visit rigged WordPress blogs that exploited a vulnerability in the plugin. But the slow cleanup rate that Dr. Web has reported implies that only a fraction of users have run Apple’s cleanup program. “There are millions of people who still believe Mac is safe,” Dr. Web chief executive Boris Sharov . “They don’t care. Plenty of people are not updating their Java. They say ‘I’m too busy, let’s wait until I have time.’”
Antivirus firms have been tracking the volume of Flashback’s infections by creating false command and control servers–known as sinkholes–to watch how many infected machines phone home to the spoofed machines. Sharov told Wednesday that the other antivirus firms were underestimating the volume of Flashback’s remaining infections because they didn’t have as many command control domains registered as Dr. Web. But Symantec initially disagreed with Dr. Web’s assessment, arguing that all the malware currently cycles through all domains, so any sinkhole should give the count.
“We were trying to understand the huge discrepancy between our numbers and Dr. Web’s. After reading Dr. Web’s blog, we now believe that between where we were measuring and they were measuring, a server was holding connections” preventing Symantec’s sinkhole from accurately measuring the botnet, Symantec’s Liam O Murchu says. “We’re now confident that what they’re seeing is accurate.”
So far, Flashback has been used only for click fraud, though like any Trojan it’s capable of updating itself for other nasty activities like credit card theft or denial of service attacks.
- Flashback botnet not shrinking, huge numbers of Macs still infected (techworld.com.au)
- Flashback botnet not shrinking, huge numbers of Macs still infected (macworld.com)
- Flashback botnet not shrinking, huge numbers of Macs still infected (computerworld.co.nz)
- Infected Macs may be increasing, not declining (technolog.msnbc.msn.com)
- Whoops: Symantec was wrong, some 650K Macs still infected with Flashback (thenextweb.com)
- A Week After Apple’s Fix, Flashback Still Infects Half a Million Macs (apple.slashdot.org)
- Flashback infections not waning after all; 650,000 Macs still hijacked (arstechnica.com)
- New report says Flashback infections remain high (news.cnet.com)
- Flashback Mac botnet shrinks, says Symantec (techworld.com.au)
- Flashback waning, but still infecting about 140,000 Macs (arstechnica.com)
- Nude Man Who Locked Self Out Of House Delivers Moving Treatise On Human Condition To Slowly Gathering Crowd | The Onion - America's Finest News Source
- PETA's cynical and exploitative porn stunt - Advertising - Salon.com
- Republicans Bash No Child Left Behind, Then Bash Obama For Trying To Unravel It | ThinkProgress
- Instagram Users Fail to Welcome Their New Overlord - NYTimes.com
- Stack ranking: Steve Ballmer's employee-evaluation system and Microsoft's decline.
- Cities Where Americans Can’t Get To Work - 24/7 Wall St.
- T-Mobile USA Web Guard - OONI : Open Observatory of Network Interference
- Dana Milbank: Ted Cruz is filibusted - The Washington Post
- Why I refuse to text message - Life stories - Salon.com
- MacGyver of the Day: Electronics Hacker Jeri Ellsworth - Makers - Lifehacker
Blogs I Follow
- SATIRE NATION
- Thoughtfully Prepping
- Derek's Blog
- The Better Man Project
- Don Charisma
- ∙ tenderheartmusings ∙
- The Wine Wankers
- Good Time Stories
- musings from a musical mind
- Deep Shit Media
- 38 Years
- Chastisement 2014
- Direct From The Street - Stuff We And People Share
December 2014 M T W T F S S « May 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31