The number of active Flashback botnet infections has been cut to below 300,000, as Apple and the security industry succeed in tackling the estimated 650,000 Mac machines riddled with the malware.
Symantec said today the number of bots had been cut to 270,000 as of 11 April, whilst yesterday Kaspersky said the number had been reduced to 237,103 as of 8 April. Almost all infected machines are Apple Macs.
Security firms have set up sinkholes to direct bots to their own servers rather than the hackers’ command and control (C&C) ones. The OSX.Flashback.K malware uses a domain name generator (DNG) algorithm to generate a new domain each day to contact the C&C servers, but security firms have managed to acquire the names of those domains in advance before sinkholing them.
Although Apple has moved to cut infections by working on a Flashback removal tool – something some security firms and other developers have already done – the Mac maker has come under fire for not being quicker to react to Flashback.
Rik Ferguson, director of security research and communication at Trend Micro, said Apple’s security updates are issued too slowly and not an any regular schedule.
“In this particular example, the most recent security update contains fixes for many vulnerabilities. The specific fix in question comes about six weeks after Microsoft, Adobe and Oracle released their fixes,” Ferguson told TechWeekEurope.
“It is misguided to believe that the simple act of not talking about publicly disclosed, and worse actively exploited, vulnerabilities will protect your customer. Criminals follow vulnerability trends and abuse them as soon as code is available.
“Should Apple start patching more quickly? In general terms, yes and particularly where an exploit is in-the-wild. This is certainly one area where Apple could learn a few lessons from the much abused Microsoft, in terms of the release of security bulletins detailing vulnerabilities and applying a graded rating system.”
Apple has said it plans to kill the botnet completely, however, as it said it was working with ISPs across the world to end Flashback completely. The company’s first steps created something of a snafu, however, as it asked for one of security company Dr Web’s domains to be closed. The domain was being used by Dr Web as part of its sinkhole operation.
Think you know security? Test yourself with our quiz.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
With Apple's growing popularity the myth of the secure Mac is being exposed.
Macs are perfect targets for viruses because the only people who can patch it are Apple and they are notoriously lazy.