Symantec: Flashback Infected Macs on the Decline

The number of Macs still infected with the Flashback trojan is on the decline, although the security firm Symantec said that there are still about 140,000 computers impacted by the malware. At its high point some 600,000 Macs were infected — a record high for Mac-related malware.

While the number of infected Macs dropped off quickly after Apple released its Java updates to address the security issue, the rate of decline seems to have stabilized at just over 100,000.

Flashback-infected Macs declining, according to Symantec

“We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the company said. “Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.”

Users could get hit by the trojan simply by visiting a maliciously crafted website, where the malware would sidestep the usual authentication request before installing itself.

The Flashback trojan exploited a vulnerability in Java that went unpatched on OS X for several weeks after Java owner Oracle already had a fix available. When the number of Macs hit by the trojan took off, however, Apple released a series of three updates for Snow Leopard and Lion users over the course of a week.

Apple also released a Flashback removal tool for Lion users that never installed Java. Earlier versions of the Flashback trojan masqueraded as a Flash installer to deliver its payload without relying on weaknesses in Java.

It’s possible that many of the remaining Macs infected with the Flashback trojan are running older versions of OS X where the Java security updates aren’t available. Since Apple doesn’t support OS X 10.5 and earlier, users of those versions can disable Java, or can consider installing virus protection software to help block the trojan.

A new variant on the Java exploit recently surfaced, too. The new threat, called LuckyCat, installs malware known as SubPar that can potentially let an attacker view the contents of your hard drive and copy files to a remote server. LuckyCat appears to be delivered through altered Microsoft Word documents.

Apple and Microsoft have not yet addressed the LuckyCat threat.