Mac Flashback infections still over 140k says Russian AV firm

Steady declines, but the Flashback botnet is far from obliterated.

The infamous Mac trojan Flashback, which infected 800,000 Mac OS X machines at its height this April, is still lingering on over 140,000 computers, according to Russian security firm Dr Web.

The company has tracked a steady decline in the number of infections across the world since first reporting in early April that a massive Mac trojan outbreak was underway, but notes that a significant number of infections remain.

If Dr Web's figures are correct, the number of infections is nearly as large as what other security vendors reported in late April after security vendors released removal tools for the malware.

At the beginning of July there were 225,016 Flashback infections, according to Dr Web. Total infections declined by between 7,000 and 10,000 machines every three days, reaching 180,536 on 19 July, and then fell by over 30,000 machines in the three days to 22 July, to 148,492.

Symantec, in late April, initially reported logging 140,000 universally unique identifiers (UUIDs) associated with each Mac infected by the Flashback malware. Fellow Russian AV vendor Kaspersky Lab was reporting over 200,000 Flashback infections.

However, at the time, Dr Web was reporting the total number of UUIDs associated with the malware at over 582,000 and unique IP addresses at over 714,000. Symantec later increased its estimate to 185,000 UUIDs. Dr Web claimed other vendors were undercounting the number of infections because the servers it was relying on to produce its figures offered a more complete picture.

Surprisingly, Dr Web also says the trojan is still taking a small number of new victims each day.

“[D]espite the release of operating system updates, anti-virus software for Mac OS X, and an array of tools to remove BackDoor.Flashback.39 offered by various companies, newly infected Macs are still joining the botnet, though their number at present does not exceed 3-4 computers per day,” says Dr Web.
