The number of active Flashback botnet infections has been cut to below 300,000, as Apple and the security industry succeed in tackling the estimated 650,000 Mac machines riddled with the malware.
Symantec said today the number of bots had been cut to 270,000 as of 11 April, whilst yesterday Kaspersky said the number had been reduced to 237,103 as of 8 April. Almost all infected machines are Apple Macs.
Security firms have set up sinkholes to direct bots to their own servers rather than the hackers’ command and control (C&C) ones. The OSX.Flashback.K malware uses a domain name generator (DNG) algorithm to generate a new domain each day to contact the C&C servers, but security firms have managed to acquire the names of those domains in advance before sinkholing them.
Although Apple has moved to cut infections by working on a Flashback removal tool – something some security firms and other developers have already done – the Mac maker has come under fire for not being quicker to react to Flashback.
Rik Ferguson, director of security research and communication at Trend Micro, said Apple’s security updates are issued too slowly and not an any regular schedule.
“In this particular example, the most recent security update contains fixes for many vulnerabilities. The specific fix in question comes about six weeks after Microsoft, Adobe and Oracle released their fixes,” Ferguson told TechWeekEurope.
“It is misguided to believe that the simple act of not talking about publicly disclosed, and worse actively exploited, vulnerabilities will protect your customer. Criminals follow vulnerability trends and abuse them as soon as code is available.
“Should Apple start patching more quickly? In general terms, yes and particularly where an exploit is in-the-wild. This is certainly one area where Apple could learn a few lessons from the much abused Microsoft, in terms of the release of security bulletins detailing vulnerabilities and applying a graded rating system.”
Apple has said it plans to kill the botnet completely, however, as it said it was working with ISPs across the world to end Flashback completely. The company’s first steps created something of a snafu, however, as it asked for one of security company Dr Web’s domains to be closed. The domain was being used by Dr Web as part of its sinkhole operation.
Think you know security? Test yourself with our quiz.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
View Comments
With Apple's growing popularity the myth of the secure Mac is being exposed.
Macs are perfect targets for viruses because the only people who can patch it are Apple and they are notoriously lazy.