No decline in Flashback malware infections, antivirus firm claims

The Flashback (Flashfake) malware attack targeting Apple's Mac computers may not quite be on the decline yet, a Russian antivirus vendor that discovered the attack claimed over the weekend.

 

Doctor Web said it has not registered any significant decrease in the number of BackDoor.Flashback.39 bots, contradicting an earlier finding by security vendor Symantec.

 

"(B)otnet statistics acquired by Doctor Web contradicts recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39 The number is still around 650,000," it said.

 

It said its virus analysts continue to monitor the Mac botnet after it discovered it last April 4.

 

The company claimed as many as as 817,879 bots connected to the BackDoor.Flashback.39 botnet at one time or another.

 

An average of 550,000 infected machines interact with a control server on a 24-hour basis, it added.

 

Doctor Web said its figures showed 717,004 unique IP-addresses and 595,816 Mac UUIDs were registered on the BackDoor.Flashback.39 botnet April 16.

 

On April 17, it registered 714,483 unique IPs and 582,405 UUIDs.

 

"At the same time infected computers, that have not been registered on the BackDoor.Flashback.39 network before, join the botnet every day," it said.

 

In contrast, CNET reported Friday the number of Flashback-infected Apple computers had gone down to 30,000 from a high of 600,000 earlier this month.

 

Flashback (Flashfake) infects Mac computers by exploiting an unpatched version of Java. Apple has since rolled out the needed patch but only for newer versions of its OS X.

 

Sophisticated routine

 

Doctor Web said BackDoor.Flashback.39 uses a sophisticated routine to generate control server names —one possible reason for the discrepancy of its figures with those of other antivirus companies.

 

"(The botnets) do not communicate with other command centers, many of which have been registered by information security specialists. This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots, on the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably," it said.

 

Doctor Web reiterated its advice to OS X users to install Java updates and scan the system to determine whether it has been infected. — TJD, GMA News