
Flashback Slashed But Apple Faces Backlash

The number of active Flashback botnet infections has been cut to below 300,000, as Apple and the security industry succeed in tackling the estimated 650,000 Mac machines riddled with the malware.

Symantec said today the number of bots had been cut to 270,000 as of 11 April, whilst yesterday Kaspersky said the number had been reduced to 237,103 as of 8 April. Almost all infected machines are Apple Macs.

Security firms have set up sinkholes to direct bots to their own servers rather than the hackers’ command and control (C&C) ones. The OSX.Flashback.K malware uses a domain name generator (DNG) algorithm to generate a new domain each day to contact the C&C servers, but security firms have managed to acquire the names of those domains in advance and sinkhole them.
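The precompute-and-match approach described above, sketched as an added example that is not from the article or from any of the security firms named in it. The generator is a hypothetical stand-in, not Flashback's actual algorithm, and the seed, TLD list and DNS log records are all constructed.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "info")   # assumed TLD set for the toy generator
SEED = b"constructed-seed"      # constructed value, not taken from any sample

def toy_dga(day, seed=SEED):
    """Hypothetical date-seeded generator (NOT Flashback's real algorithm)."""
    digest = hashlib.sha256(seed + day.isoformat().encode()).digest()
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return label + "." + TLDS[digest[12] % len(TLDS)]

def upcoming_domains(start, days):
    """Map each domain the generator will produce to the day it becomes active."""
    return {toy_dga(start + timedelta(days=n)): start + timedelta(days=n)
            for n in range(days)}

def infected_clients(dns_log, watchlist):
    """Return {client_ip: {matched domains}} for queries hitting the watchlist."""
    hits = {}
    for _when, client, qname in dns_log:
        name = qname.rstrip(".").lower()   # DNS names are case-insensitive
        if name in watchlist:
            hits.setdefault(client, set()).add(name)
    return hits

def daily_bot_counts(dns_log, watchlist):
    """Unique clients per day that queried a generated domain (sinkhole-style count)."""
    per_day = {}
    for when, client, qname in dns_log:
        if qname.rstrip(".").lower() in watchlist:
            per_day.setdefault(when, set()).add(client)
    return {day: len(clients) for day, clients in sorted(per_day.items())}

def sample_log(start):
    """Constructed DNS query records: (query_date, client_ip, queried_name)."""
    d0, d1 = start, start + timedelta(days=1)
    return [
        (d0, "192.0.2.10", toy_dga(d0)),
        (d0, "192.0.2.11", toy_dga(d0).upper() + "."),  # same name, FQDN form
        (d0, "192.0.2.12", "www.example.com"),           # benign lookup
        (d1, "192.0.2.10", toy_dga(d1)),
        (d1, "192.0.2.13", "updates.example.net"),       # benign lookup
    ]

if __name__ == "__main__":
    start = date(2012, 4, 8)
    watch = upcoming_domains(start, 7)
    print(infected_clients(sample_log(start), watch))
    print(daily_bot_counts(sample_log(start), watch))
```

Counting unique clients per day, as `daily_bot_counts` does, is the kind of measurement a sinkhole operator can report once bots resolve to its servers instead of the C&C ones.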

Symantec also identified some IP addresses used in the OSX.Flashback.K variant, but found they are no longer serving malicious content related to the Trojan. “However, we are monitoring the situation closely should the Flashback gang decide to redistribute their operations,” the security giant added in a blog post.

Bad Apples

Although Apple has moved to cut infections by working on a Flashback removal tool – something some security firms and other developers have already done – the Mac maker has come under fire for not being quicker to react to Flashback.

Rik Ferguson, director of security research and communication at Trend Micro, said Apple’s security updates are issued too slowly and not on any regular schedule.

“In this particular example, the most recent security update contains fixes for many vulnerabilities. The specific fix in question comes about six weeks after Microsoft, Adobe and Oracle released their fixes,” Ferguson told TechWeekEurope.

“It is misguided to believe that the simple act of not talking about publicly disclosed, and worse actively exploited, vulnerabilities will protect your customer. Criminals follow vulnerability trends and abuse them as soon as code is available.

“Should Apple start patching more quickly? In general terms, yes and particularly where an exploit is in-the-wild. This is certainly one area where Apple could learn a few lessons from the much abused Microsoft, in terms of the release of security bulletins detailing vulnerabilities and applying a graded rating system.”

Apple has nonetheless said it plans to kill the botnet completely, and that it is working with ISPs across the world to end Flashback. The company’s first steps created something of a snafu, however, as it asked for one of security company Dr Web’s domains to be closed. The domain was being used by Dr Web as part of its sinkhole operation.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • With Apple's growing popularity the myth of the secure Mac is being exposed.

    Macs are perfect targets for viruses because the only people who can patch it are Apple and they are notoriously lazy.
