Two days ago, we reported on information that hundreds of thousands of Macs were infected by the Flashback malware. This statement from the Russian security company Dr. Web was met with skepticism by some people in the security industry, but it turns out that, according to security journalist Ed Bott, a second source has confirmed this figure. As Bott says, “That number is not just an estimate. It’s a count of unique hardware IDs reporting in to a command-and-control server.”
The data comes from the use of a “sinkhole,” which is essentially a method of putting a wire-tap on network traffic to analyze it. This was done in Russia, where the servers that control the Flashback malware are hosted, and this allowed the company to get detailed information about the number of Macs infected.
While the initial numbers of 500,000 or 600,000 may sound shocking, they become even more so when you look at what they mean as a percentage of all Macs around the world. To again quote Ed Bott:
“With 600,000 infections in a user base of 60-70 million, that means roughly 1% of all Macs worldwide have been hit by this thing, which is capable of downloading additional malware at will.”
So one in 100 Macs is infected, and, “What’s remarkable about that number is that it represents infections from a single downloader.” It’s clear that we are faced with an unprecedented attack of Mac malware.
Intego has been providing protection from the Flashback malware since we first discovered it in September 2011, and has kept the malware definitions for its Mac antivirus software, VirusBarrier X6, up to date each time the company’s Malware Research Team has found new variants. In one 24-hour period alone, earlier this week, our researchers discovered 25 new variants of this malware.
(See this recent Macworld article for an overview of the Flashback malware, its history, and its effects.)
As we pointed out in an article yesterday, this malware can infect Macs with no user intervention, so it is highly recommended to use Mac antivirus software to protect against it. Make sure to update Java, but it is likely that the attacks via Java have ceased, given the amount of publicity surrounding this malware. However, other vulnerabilities will be exploited, and this highlights the need to apply security updates as soon as possible to both Mac OS X and to third-party software.
To check to see if you’re infected with the Flashback malware, download a free 30-day demo of Intego VirusBarrier X6, the leading Mac antivirus program.