Flashback infections not declining: discoverers

23 Apr 12

The Russian web security firm that initially drew attention to the troublesome Mac trojan known as Flashback says reports that infections are dropping are incorrect.

The trojan was revealed to be installed on around 600,000 Mac computers at the beginning of this month, forming a large botnet that many have called the worst the Mac platform has ever seen.

Both Symantec and Kaspersky stated last week that infections were declining as a result of new security measures, the former putting the figure at 140,000 and the latter at just 30,000.

However, according to Russian company Dr Web the number is still around 650,000.

The reason for the discrepancy is that a server with which the bots communicate is not closing the TCP handshake after the communication has ended. This causes the bots to switch to standby mode and cease communicating with other command centres, including those registered by the security vendors.

"At the same time infected computers that have not been registered on the [Flashback] network before join the botnet every day’, Dr Web says in a blog post.

Apple has released a security update to combat the trojan as well as a specific Flashback removal tool.

Share on: LinkedIn Twitter Facebook