Flashback Still Festering on 140,000 Machines

The Flashback Trojan that was at one stage sitting inside 650,000 machines has been cut back to 140,000 infections, indicating many are yet to take advantage of the updates issued by Apple.

The Mac maker issued a slew of Java updates that should have killed off the problem, whilst security companies rushed to push out Flashback killers. Most of the infections were of Apple Mac systems.

Flashback to the future

Symantec, the security giant that determined the 140,000 figure, said it was surprised how many machines still contained Flashback.

“We had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the company said in a blog post. “As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now.”

Symantec also discovered the Trojan was being updated with some interesting new skills. One of them allows it to retrieve command and control (C&C) locations from Twitter posts by searching for specific hashtags generated by the OSX.Flashback.K hashtag algorithm.

Apple’s latest move to kill Flashback saw the iPhone maker release a new version of Java for Mac OS X 10.7 and 10.6 that erases known variants of Flashback, whilst automatically disabling Java when it has not been in use for the last 35 days.

Meanwhile, another Mac-focused Trojan has emerged in the form of SabPub. Russian security firm Kaspersky said it had seen the malware being used in Advanced Persistent Threat (APT) attacks.

Think you know security? Test your knowledge with our quiz!