Despite all of the media coverage, free "detect & destroy" tools offered by multiple antivirus vendors and Apple releasing system updates to both remove the malware and patch the Java vulnerability that helped it infect over half-a-million Macs, Symantec says that there are still over 140,000 OS X machines infected by Flashback.
“The statistics from our sinkhole are showing declining numbers on a daily basis,” Symantec researchers wrote in a Thursday blog post, “However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case.”
Symantec researchers stated that the domain name for the botnet’s command & control server changes on a daily basis, and that it’s not limited to using “.com” as the top-level domain: .in, .info, .kz and .net top-level domains are used as well.
Flashback has not gone without upgrades either. Symantec researchers pointed out that Flashback is capable of using Twitter to retrieve updated C&C locations by searching for specific hashtags generated by Flashback.K’s hashtag algorithm. How’s that for being resourceful?
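The daily-rotating C&C names across several top-level domains described above leave a footprint in DNS query logs that a defender can hunt for. The script below is an added example, not code from this post or from Symantec: it reads a constructed query log (the hostnames in it are made up, not real Flashback indicators) and flags clients that, on several distinct days, look up a name no other client resolves, under the TLDs the article lists. The "rare name" heuristic and the thresholds are assumptions for illustration, not a documented Flashback signature.

```python
from collections import defaultdict

# Constructed sample DNS query log: "<date> <client> <queried-name>".
# These hostnames are invented for the example; they are not real indicators.
SAMPLE_LOG = """\
2012-04-19 10.0.0.5 www.apple.com
2012-04-19 10.0.0.5 kq3rjzwxc.com
2012-04-20 10.0.0.5 b7hmd2qfv.in
2012-04-21 10.0.0.5 z9pkl4wtn.info
2012-04-22 10.0.0.5 m2xq8rvcd.kz
2012-04-19 10.0.0.8 www.apple.com
2012-04-20 10.0.0.8 update.example.net
2012-04-21 10.0.0.8 www.apple.com
"""

# Top-level domains the Symantec write-up lists for the rotating C&C names.
WATCHED_TLDS = {"com", "in", "info", "kz", "net"}


def parse_log(text):
    """Yield (day, client, name) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        day, client, name = parts
        yield day, client, name.lower().rstrip(".")


def rare_domains(records):
    """Names seen from exactly one client on exactly one day under a watched TLD.
    Names many clients resolve (e.g. vendor update hosts) drop out here."""
    clients = defaultdict(set)
    days = defaultdict(set)
    for day, client, name in records:
        clients[name].add(client)
        days[name].add(day)
    return {
        name
        for name in clients
        if len(clients[name]) == 1
        and len(days[name]) == 1
        and name.rsplit(".", 1)[-1] in WATCHED_TLDS
    }


def flag_rotating_clients(text, min_days=3, min_tlds=2):
    """Return {client: sorted rare names} for clients whose rare lookups span
    at least `min_days` distinct days and `min_tlds` distinct TLDs.
    Thresholds are illustrative assumptions, not a published signature."""
    records = list(parse_log(text))
    rare = rare_domains(records)
    per_client = defaultdict(list)
    for day, client, name in records:
        if name in rare:
            per_client[client].append((day, name))
    flagged = {}
    for client, hits in per_client.items():
        days = {day for day, _ in hits}
        tlds = {name.rsplit(".", 1)[-1] for _, name in hits}
        if len(days) >= min_days and len(tlds) >= min_tlds:
            flagged[client] = sorted(name for _, name in hits)
    return flagged


if __name__ == "__main__":
    for client, names in flag_rotating_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(names))
```

On the sample log only 10.0.0.5 is flagged: it resolves a different single-use name on four consecutive days under four TLDs, while 10.0.0.8 only ever touches a shared vendor host and one rare name. A real deployment would feed the function passive-DNS or resolver logs and tune the thresholds to the site's baseline; the point is that the rotation itself, not any fixed domain, is what stands out.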
Mac users that have not bothered updating their system with the latest Java updates from Apple should do so immediately.
As we’ve previously mentioned, Flashback isn’t the only piece of malware looking to exploit Java vulnerabilities in order to infect Macs. The Sabpab Trojan also exploits the SE Remote Java Runtime Environment Denial of Service Vulnerability (CVE-2012-0507) in order to infect OS X machines.
Update 4/23 - There have been conflicting reports of how many Macs remain infected by the Flashback Trojan. Researchers over at Intego have discovered that DNS redirection may be playing a role in the conflicting reports. Check out what they have to say.