Flashback Bot Counts Fall, Researchers Set up Free Infection-Checking Site

Mac malware is still enough of an oddity that the existence of a single botnet made up of Macs has prompted a huge amount of publicity and finger-pointing in the general direction of Apple. The furor over the Flashback malware seems to be receding a bit, and researchers say that the number of unique bots connecting to a sinkhole server dropped significantly over the weekend. But that doesn’t mean that the threat is over.

Statistics compiled by Kaspersky Lab, which is operating a sinkhole command-and-control server to which a portion of the Flashback-infected machines are connecting, show that since Friday, the number of bots communicating with the server has dropped by more than 50 percent. On Friday, the count was more than 650,000 bots, but by Sunday it was down to about 237,000 bots.

“We continued to intercept domain names after setting up the sinkhole server and we are currently still monitoring how big the botnet is. We have now recorded a total of 670,000 unique bots. Over the weekend (7-8 April) we saw a significant fall in the number of connected bots,” Aleks Gostev, chief security expert at Kaspersky, said in a blog post. “This doesn’t mean, however, that the botnet is shrinking rapidly – these are merely the numbers for the weekend.”

Botnets often will go through periods of ups and downs in terms of numbers of infected bots, especially after the existence of the network is made public. When that happens, users begin looking for infections on their machines and the numbers begin to drop. But some of those same machines will then become infected again if the underlying vulnerability isn’t fixed and the users run across the same malware. 

To help users determine whether their Macs are infected with the Flashback malware, Kaspersky has set up a site that includes information on the Flashback Trojan itself, how the infection occurs, and a mechanism to check their UUIDs against a list of infected machines. The site, Flashbackcheck.com, will help compile statistics on numbers of infected machines. Users also can download a free removal tool for Flashback that will disinfect machines. 

Flashback has been infecting Mac users in various forms for several months and the malware is now using exploits for a Java vulnerability to infect users through a drive-by download attack. 

Discussion

  • Hibari on

    Sorry, but I get tired when I see polls like yours, and can only hope it's intended as rank satire, or even as a Mac-faced punching bag for Windows users to enjoy smacking a bit. If it's serious, then that's just sad--more so than most Internet polls, which is saying something.

    As a long-time Mac and Windows user who has always preferred Macs, and as someone who has known innumerable Mac users, I have never heard a single one state the belief that the Mac is "impenetrable" to malware (the poll responders who said "impenetrable" are probably mostly Windows users). The ones who know the Mac well have the realistic view that it's relatively safe and a much lesser target, but far from impenetrable. Mac users who don't know it well usually assume that it's as susceptible to malware as Windows. I've had to correct many people who believe their Mac is being attacked by "viruses," but never had to correct someone who thought it could never be affected. Most ask me if they should use antivirus software; none make claims about the Mac being bulletproof.

    Most of the people talking about the Mac OS as being "impenetrable" or "immune" are just ticked-off Windows users. They get annoyed that Mac users are largely unaffected by malware that barrages Windows machines. They despise the smug "you shoulda used a Mac" jibes, and respond by exaggerating the confidence Mac users have in the platform. At best, it's a mistaken assumption; at worst, a snide put-down.

    Ironically, when my Mac started getting redirected to ".rr.nu" sites several weeks ago, I thought the most likely culprit was malware on my Mac, only later to find out it was Wordpress blogs I visited that had been hacked to redirect to infected pages. (I run Xcode and therefore was not infected.)

    A better poll would have had options such as, "My confidence in Macs is completely broken," "I am re-evaluating how I use my Mac more safely," "I am a bit more concerned but not much," "I am as cautious as always," "I was overconfident and won't make that mistake again," "I didn't know that malware could hit a Mac," and "I don't use a Mac." Naturally, any Internet poll is bunk and will never reflect reality, but at least it would be an honest attempt to evaluate how people are reacting (a valuable insight) instead of just making fun of people.

     

  • Anonymous on

    Most Mac users I know of always tell me that they can't get viruses. I guess it just depends on the area we live/frequent. Most of the time I just smile at them because I never get viruses on my Windows systems mainly because I have all scripting turned off in the browsers and only go to a few websites on a normal basis.

    I don't see the option on the poll for a Mac being 'impenetrable' to be a bad choice though. Like I said, most people that I know of that are Mac users DO believe that. Hopefully this will open those people's eyes to realize that anyone can be infected with malware and they will take the necessary precautions.
