Symantec: Flashback Infected Macs on the Decline

· by · News

The number of Macs still infected with the Flashback trojan is on the decline, although the security firm Symantec said that there are still about 140,000 computers impacted by the malware. At its high point some 600,000 Macs were infected — a record high for Mac-related malware.

While the number of infected Macs dropped off quickly after Apple released its Java updates to address the security issue, the rate of decline seems to have stabilized just over 100,000.

Flashback-infected Macs declining, according to SymantecFlashback-infected Macs declining, according to Symantec

“We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the company said. “Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.”

Users could get hit by the trojan simply by visiting a maliciously crafted website, where the malware would sidestep the usual authentication request before installing itself.

The Flashback trojan exploited a vulnerability in Java that went unpatched on OS X for several weeks after after Java owner Oracle already had a fix available. When the number of Macs hit by the trojan took off, however, Apple released a series of three updates for Snow Leopard and Lion users over the course of a week.

Apple also released a Flashback removal tool for Lion users that never installed Java. Earlier versions of the Flashback trojan masqueraded as a Flash installer to deliver its payload without relying on weaknesses in Java.

It’s possible that many of the remaining Macs infected with the Flashback trojan are running older versions of OS X where the Java security updates aren’t available. Since Apple doesn’t support versions of OS X 10.5 and earlier, older OS X users can disable Java, or can consider installing virus protection software to help block the trojan.

A new variant on the Java exploit recently surfaced, too. The new treat, called LuckyCat, installs a malware known as SubPar that can potentially let an attacker view the contents of your hard drive and copy files to a remote server. Lucky Cat appears to be delivered through altered Microsoft Word documents.

Apple and Microsoft have not yet addressed the LuckyCat threat.

Jeff Gamet

Jeff Gamet

Jeff is the Mac Observer's Managing Editor, and co-host of the Apple Context Machine podcast. He is the author of "The Designer's Guide to Mac OS X" from Peachpit Press, and writes for several design-related publications. Jeff has presented at events such as Macworld Expo, the RSA Conference, and the Mac Computer Expo. In all his spare time, he also co-hosts the We Have Communicators podcast, and makes guest appearances on several other podcasts, too. Jeff dreams in HD.

Sign Up for the Newsletter

Enter a valid email address

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Adding to list…

1 Comments

BurmaYank

Check out MacUpdate’s Promo for today only:

VirusBarrier X6 10.6.15 for $19.99 (60% off, retail $49.95), only until midnight tonight!

But you might perhaps also find the comments of the reviewers there valuable before you decide to buy.

Add your comment

Remember my personal information

Notify me of follow-up comments?