Kaspersky and Symantec both reported dramatic declines in the number of Macs infected with the Flashback malware this past week. However, Dr. Web--the source that discovered the threat in the first place--claims the number of compromised systems is still going strong, and may even be growing.
Apple responded to the malware attack with a patched version of Java, and a subsequent update that removes the Flashback malware. Apple also implemented a process to proactively disable Java if its not actively used--a brilliant way of reducing the exposure to attack by following established security best practice and turning off or removing services and tools that aren’t necessary.
Following the moves by Apple, there have been reports that the number of systems infected with Flashback malware has dropped to 140,000, or even as low as 30,000. However, Dr. Web claims the number is still somewhere around 650,000, and that unique evasion techniques in the malware, combined with flaws in the methodology of the security vendors, is yielding false data.
Symantec has updated its information to reflect the fact that its data may be inaccurate. Symantec states that its most recent information places the number around 185,000, but adds that a rival sinkhole seems to be skewing the numbers because it is acting like more of a blackhole and preventing others from gathering that data.
Regardless, the Flashback Trojan--and the botnet created in its wake--has been a wake up call for Mac users and for Apple. The Mac culture has been largely ignored by attackers, and that has fostered a false sense of security that actually makes Mac users easier prey in some respects.
Perhaps the belief that the platform is just inherently secure is a contributing factor to why the Flashback malware seems to be continuing to thrive. The threat is known. Security vendors have tools to detect and block it. Apple has patched the flaw, and released a tool to eradicate the infection.
With all of that, one of the only explanations left for why Flashback isn’t dead is that Mac users are simply not using the tools that have been made available. They may see the headlines, and be aware that the threat is “out there”, yet mistakenly believe that it’s just something that happens to other Mac users, and not something they need to be concerned with.
Whether you believe you are affected or not, I urge all Mac users to download and apply the updates made available by Apple. For more peace of mind, I suggest you visit the Kaspersky Flashback Check site or use the standalone Flashback Malware Removal Tool from Apple to see if your machine is infected or not.