Despite various tools released by antivirus companies and a fix released by Apple itself over a week ago, the number of computers infected with the Flashback Trojan is still high. According to Russian security firm Dr. Web, there were at least 566,000 Macs still infected late last week, which is considerably higher than the number reported by Symantec and Kaspersky Labs.
Both Symantec and Kaspersky Labs reported a substantial decrease in the number of infected Macs, which were estimated to be at around 650,000 systems at its peak. Late last week Symantec had reported that the Flashback botnet had shrunk to 270,000 infected systems, while Kaspersky reported 237,000 systems.
Dr. Web is now saying that these numbers aren’t accurate and believes that at the greatest extent of the Flashback botnet, 817,000 systems were infected with an average of 550,000 contacting the command and control servers during any 24-hour period.
Dr. Web believes that the discrepancy in estimates has to do with interception by an unnamed entity to block the botnet’s activity. Infected bots connecting to a server at 220.127.116.11 were put into a suspended state, which made them no longer able to communicate and be registered by security company sinkholes.
Intego, a security firm specializing in Macs, agrees with Dr. Web’s claim that Flashback’s infection numbers have been underestimated.
- Flashback trojan captures over half a million Macs
- Flashback trojan infected 2% of all Macs, Kaspersky confirms botnet size
- Apple is working on its own Flashback malware removal tool
- Kaspersky offers Mac Flashback trojan removal tool
- Apple tries to kill domain of the firm that discovered Flashback
- Apple Flashback malware removal in two easy steps
- New Apple Flashback removal for non-Java Lion Macs released
- Symantec says about 140k Macs still infected with Flashback
- Flashback Trojan infection down, but more Mac malware on the way