Mac malware Flashback infections down —Symantec

After passing the half-million mark, the Flashback malware threat to computers running Apple's OS X appear to be decreasing, computer security firm Symantec said.

 

Symantec said its data showed the number of infections had "decreased significantly" from 600,000 last April 5 to about 270,000 last Wednesday.

 

"This figure has decreased significantly since then and from our sinkhole data, we have estimated that the number of computers infected with this threat in the last 24 hours is in the region of 270,000, down from 380,000," it said.

 

It added that as of Thursday night, the United States still topped the list of countries with Macs affected by Flashback.

 

Flashback is a malware that exploits an unpatched version of Java in the Macs.

 

Symantec said the top 10 countries in terms of infections are the US (47.3 percent); Canada (13 percent); UK (6.1 percent); Australia (5.1 percent); France (3.2 percent); Mexico and Italy (2.9 percent each); Japan (1.9 percent); Spain (1.8 percent); and Germany (1.6 percent).

 

It said its findings showed OSX.Flashback generates one domain name each day to contact for commands.

 

Many of the .com domains used by the malware were also found to be registered between March 26 and April 4, dates that "fall in line with the preparation for the recent Flashback attack."

 

Apple has since released a patch that fixes the Java flaw, but it works only for OS X 10.6 (Snow Leopard) and 10.7 (Lion).

 

"Older systems (v10.5 and below) remain vulnerable and the official recommendation from Apple is to disable Java to prevent infection. It is recommended to initiate an update if this has not been done already or to download the update manually from Apple if your OS is vulnerable to the attack," it said.

 

Lesson learned

 

Symantec also said the incident should be a lesson learned for IT departments and computer users.

 

"No operating system is immune to malware attack and any Internet-connected device should have security precautions in place," it said.

 

It added Mac users are not out of the woods as there are still hundreds of thousands of users who have not taken the steps necessary to remove the malware.

 

"Additional infections are also still possible if the appropriate security updates are not installed," it said.

 

On the other hand, it said cybercriminals often build on the exploits of others, and "additional attempts at widespread Mac malware infections are likely to follow." — TJD, GMA News