Mac Flashback Infections Now Down to 140,000: Symantec

 
 
By Jeffrey Burt  |  Posted 2012-04-18

However, Symantec officials said that considering the number of tools available to detect and remove the malware, they would have expected a greater decrease.

The number of Apple Mac systems infected with the Flashback malware has dropped to about 140,000 worldwide, though officials with security software vendor Symantec said that number seems to be tapering off.

At its height earlier this month, the Flashback exploit had infected more than 600,000 Macs—more than 1 percent of the systems in use globally—a record for a Mac malware attack. A host of security software makers—including Symantec, Kaspersky Lab, F-Secure and Intego—and Apple itself have rolled out free tools that enable users to detect and remove the malware from their systems.

The fact that so many such tools are out there has Symantec officials wondering why the drop in infected systems isn’t greater.

“[W]e had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the officials said in a post April 17 on Symantec’s blog. “Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark. As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now.”

The officials urged users to install the latest patches and use the tools to remove the malware.

The Flashback malware shot holes through the theory that Apple systems were essentially immune from such infections, and exposed Apple’s inexperience in addressing such security issues. The Flashback malware exploited a vulnerability in Java, which Oracle owns. But while Oracle was able to patch Microsoft Windows PCs and other systems weeks earlier, it wasn’t until April 3—after the Mac infections were well underway—that Apple issued the patch for the Java flaw.

Then Apple was days behind the security software vendors in offering a tool to detect and remove the malware.

While the Mac community is trying to put the Flashback attack behind it, another piece of malware has come into the picture. According to companies such as Kaspersky, Symantec, Sophos and Intego, the new malware—called Sabpab or SabPub, depending on the company—works as a classic backdoor Trojan horse and leverages the same Java flaw as Flashback to get into systems and steal information. The Sabpab Trojan creates files and then sends encrypted logs back to the command-and-control (C&C) server, enabling the hackers to monitor the activity on the system, according to researchers.

However, the threat may not be as widespread as Flashback, according to some researchers.

“These malware variants are being used in targeted attacks against Tibetan-focused NGOs [non-governmental organizations] and are therefore very unlikely to be encountered ‘in-the-wild’ by day-to-day Mac users,” researchers at F-Secure said in an April 17 post on the company blog. “If you're a Mac-using human rights lawyer, however … your odds of exposure are another matter entirely. If you don't have it already, now is the time to install antivirus on your Mac.”

Michael Sutton, vice president of security research at Zscaler, said the malware is delivered via email targeted at Tibetan sympathizers. Though some industry observers have wondered whether SabPub could become as large as Flashback, Sutton said the issue is being over-hyped in the media.

“This is a small targeted attack,” he said in an email. “It is not widespread, nor is it meant to be. Patches are available for both vulnerabilities targeted by SabPub, so Mac users with fully patched systems are not vulnerable.”

Like other security researchers, Sutton said users of Macs and other Apple devices need to understand that as those devices—not only Macs, but also iPhones and iPads—become more popular with consumers and businesses, the number of attacks on them will also grow. So will attention from news organizations.

“As the Mac becomes an increasingly popular computing platform, we will naturally see an increase in attacks geared toward the OS X platform,” Sutton wrote. “That said, today, Mac OS X targets remain a small sliver of total malware currently in the wild. SabPub, for example, is receiving far more media attention than would a similar PC-based attack, given the limited number of victims involved.”

 


 
 
 
 
 
 
 
 
 
 
 
