Symantec: Flashback Malware Infections Decreasing, But Valuable Lessons Can Be Learned

Flashback: Number of infected computers. Source: Symantec

Earlier in the year, over 600,000 Mac computers were reported to have been infected with malware called Flashback. OSX.Flashback made its first appearance in 2011 and has since evolved from a social engineering scam posing as a fake Flash update to using digital certificates purporting to come from Apple. The malware currently uses the latest Java vulnerability (BID 52161 – Oracle Java SE Remote Java Runtime Environment Denial Of Service Vulnerability) to deliver its payload.

Flashback: Number of infected computers by country. Source: Symantec

Symantec has confirmed that the number of computers infected with the Flashback malware is going down: approximately 270,000 machines remain infected out of the originally reported 600,000. The majority of the remaining infections are in North America, Australia and the UK. More details can be found in this new Symantec blog post: http://www.symantec.com/connect/blogs/osxflashbackk-suffering-slashback-infections-down-270000

IT departments and computer users can learn valuable lessons from this experience:

  • No operating system is immune to malware attack and any Internet-connected device should have security precautions in place.
  • Mac users are not out of the woods. There are still hundreds of thousands of users who have not taken the steps necessary to remove the malware. Additional infections are also still possible if the appropriate security updates are not installed.
  • Cybercriminals often build on the exploits of others; additional attempts at widespread Mac malware infections are likely to follow.

Last week, Apple finally released a patch that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. Older systems (v10.5 and below) remain vulnerable, and the official recommendation from Apple for them is to disable Java to prevent infection. If your OS is vulnerable to the attack and you have not updated yet, initiate an update or download the update manually from Apple. Some quarters have condemned Apple for being slow to mobilise a fix for the vulnerability.

Symantec Security Response has developed a free removal tool for Macs that detects and eradicates OSX.Flashback.K.

There are also other tools to scan for possible infections and fix your Macs:

F-Secure
http://www.f-secure.com/weblog/archives/00002346.html

Dr Web Online
https://www.drweb.com/flashback/

Apple Java update
http://support.apple.com/kb/HT5242

Have you checked your Mac yet? We highly advise that you do so!

Vernon