Flashback Trojan infection still going strong

23Apr/120

Flashback Trojan infection still going strong

Despite various tools released by antivirus companies and a fix released by Apple itself over a week ago, the number of computers infected with the Flashback Trojan is still high. According to Russian security firm Dr. Web, there were at least 566,000 Macs still infected late last week, which is considerably higher than the number reported by Symantec and Kaspersky Labs.

Both Symantec and Kaspersky Labs reported a substantial decrease in the number of infected Macs, which were estimated to be at around 650,000 systems at its peak. Late last week Symantec had reported that the Flashback botnet had shrunk to 270,000 infected systems, while Kaspersky reported 237,000 systems.

Dr. Web is now saying that these numbers aren’t accurate and believes that at the greatest extent of the Flashback botnet, 817,000 systems were infected with an average of 550,000 contacting the command and control servers during any 24-hour period.

Dr. Web believes that the discrepancy in estimates has to do with interception by an unnamed entity to block the botnet’s activity. Infected bots connecting to a server at 74.207.249.7 were put into a suspended state, which made them no longer able to communicate and be registered by security company sinkholes.

Intego, a security firm specializing in Macs, agrees with Dr. Web’s claim that Flashback’s infection numbers have been underestimated.