News, information, and commentary on the Flashback malware threat have ricocheted around the web over the past few weeks. The news of dangerous Mac malware has spread from the Apple and tech media into the mainstream. While not downplaying the seriousness of the threat, a Microsoft announcement yesterday does offer some perspective.
Microsoft made it clear that the Conficker worm is still infecting millions of PCs worldwide – three years after fears about Conficker’s potential damage and the estimated level of infections (estimates ran as high as 12 million PCs at the time) created a media frenzy.
The Conficker threat first emerged four years ago, using a just-patched vulnerability to infect machines running Windows XP and Vista. A more dangerous version of the worm emerged in early 2009 and led to mass levels of infection, with the malware expected to update itself on April 1, 2009. When that date passed without incident, thanks to security researchers preventing infected PCs from contacting command and control servers for the Conficker botnet, concern about the worm began to fade from most people’s minds.
Microsoft’s assertion that millions of PCs remain infected and that the worm is continuing to spread is a disturbing one. The company estimates the current botnet contains seven million infected PCs worldwide. According to Computerworld, the main reason Conficker has never caused much damage is that the Conficker Working Group, an association of security companies and researchers that includes Microsoft, is continually taking action to block the infected PCs from reaching command and control servers, even three years later.
On the one hand, that offers a sense of perspective on the Flashback threat. Even though there are still infections, the number of infected Macs never reached Conficker’s level. Apple’s response of building out prevention and removal tools through Software Update is likely to stem the threat over time – particularly among users who opt not to purchase anti-malware packages.
On the other hand, it shows that malware threats don’t disappear overnight (or at all). That means that Mac users (and IT professionals) shouldn’t get complacent now that the bulk of the threat seems to have passed. The ongoing response by the Conficker Working Group shows that, in future threats, Apple may need to take a more active and visible role in responding to malware.