Mac Flashback Infections Drop to 270,000: Symantec

The software security firm says the infections are now less than half the 600,000-plus found last week by antivirus software vendors Kaspersky and Dr. Web.

The number of Apple Macs infected with the Flashback malware seems to be shrinking as Internet security software vendors roll out tools to detect and remove the exploit and run “sinkhole” operations to reduce its effectiveness.

According to security vendor Symantec, the number of infected systems worldwide has shrunk to 270,000, less than half the more than 600,000 discovered by two other security firms earlier this month.

In an April 11 post on the company’s official blog, Symantec officials said that a sinkhole operation they’ve been monitoring had seen the number of infections drop from 380,000 to 270,000 in a 24-hour period. The sinkhole operation not only enables Symantec to monitor the Flashback malware, but also to prevent the exploit from contacting the command-and-control servers for more instructions, rendering the malware benign.

The bulk of the infected Macs—about 47.3 percent—are in the United States, according to Symantec officials. Canada has the second-highest number of infections, at 13 percent.

Symantec also was able to identify many distinct IP addresses that are being used for one of the Flashback variants.

“The IP addresses are no longer serving malicious content related to OSX.Flashback.K; however, we are monitoring the situation closely should the Flashback gang decide to redistribute their operations,” Symantec officials wrote.

The Flashback malware was first discovered last year, and operated as a classic Trojan, disguising itself as an update to Adobe Flash (thus the Flashback name). New versions were found in late March and earlier this month, with the variants acting more as drive-by malware, which infects the systems when the users go to a compromised or malicious Website.

A small Russian antivirus company, Dr. Web, announced April 4 that more than 600,000 Macs—or between 1 and 2 percent of all Macs in use worldwide—were infected by the Flashback malware, a number that was later confirmed by security software maker Kaspersky Lab. Flashback became the largest malware issue to hit Apple systems—which had seen several attacks by other malware over the past year—and has helped blow apart the theory that Macs are invulnerable to malicious software.

Apple has come under fire for its slow response to the Flashback malware, which takes advantage of flaws in Java. Oracle had fixed the flaws for Windows PCs and other systems weeks ago, but Apple didn’t offer the patch to Mac users until last week. In addition, Dr. Web CEO Boris Sharov said that he never heard back from Apple after sending it all the information he had on the Flashback malware. The notoriously tight-lipped Apple also at one point asked a Russian registrar to shut down a domain that Dr. Web was using as part of its sinkhole operation. Sharov said he believed it was an honest mistake on Apple’s part but that it indicates that Apple needs to learn how to work with the security community.

“They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” Sharov told Forbes. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”

At the same time, Apple officials announced in a brief note on their Website April 10 that they were working on a tool that will enable Mac users to detect and remove the malware from their systems. However, they did not give a timetable of when that will be released.

In the meantime, a number of vendors—including Kaspersky, F-Secure and Intego—as well as a software developer have all released such free tools over the past week, putting Apple far behind the curve in responding to Flashback.

In an April 11 post on his company’s blog, Mikko Hypponen, chief research officer for F-Secure, criticized Apple’s slow response.

“Apple has announced that it's working on a fix for the malware, but has given no schedule for it,” Hypponen wrote. “Quite surprisingly, Apple hasn't added detection for Flashback—by far the most widespread OS X malware ever—to the built-in Xprotect OS X antivirus tool. Also note that Apple has not provided a patch for the Java vulnerability used by Flashback for OS X v10.5 (or earlier).”