The Flashback saga has yet to reach its end, as a recent report debunks earlier claims that the number of infected Macs had fallen from 600,000 to 140,000 over a matter of a few days. Apple released a security tool to combat Flashback last week, and Norton Symantec reported that the number of infected machines had fallen to 140,000 shortly after. That number has been proven to be inaccurate.
In an interesting turn of events, the original Flashback whistleblower, Russian security firm Dr. Web, has revealed that around 650,000 Macs are still infected with the notorious trojan. Not only are there many Macs connected to the botnet that were previously unaccounted for, but more OS X computers are added every day.
Dr. Web sounded the alarm earlier this month saying that 600,000 Macs were part of the Flashback botnet. The firm estimates that 817,879 total Macs have been infected by Flashback at some point. The botnet spreads itself by exploiting browser click fraud scams and vulnerabilities in Apple’s Java that have since been reportedly patched.
With all of the third-party security tools Apple’s own updates that have been released to combat Flashback, you’d think that the trojan would be starting to die off. Due to the tricky way Flashback pings its host severs, other researchers were not able to completely track the botnet’s growth. According to Dr. Web:
This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots, on the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably.
Symantec has since updated its post to reflect Dr. Web’s newest data.
If you haven’t already, update your Mac with Apple’s latest security patch and check to see if you’ve been infected with Flashback. If anything, these numbers indicate that many Mac users are bad at keeping their computers up to date. Apple has released a total of 3 security patches to combat Flashback this month, and the last update will remove the trojan from any infected machine entirely.