X

Flashback malware infections drop to 30,000 Macs

The Flashback malware threat for OS X is on a steep decline, but still underscores that Mac systems are not immune to threats.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
3 min read

UPDATE: New developments suggest the malware threat may not be as contained as previously thought.

The Flashback threat for OS X has been one of the biggest malware attacks on the platform to date, with an estimated 1 percent, or around 600,000 Mac systems, being affected at the peak of the malware's activity on April 9, 2012. Further analysis of the threat by security firm Kindsight has suggested that up to 1 in every 15 households with Macs in the U.S. may have been affected by this malware.

Since the initial reports of the Flashback findings, a number of security firms and Apple issued removal tools and software updates which, along with instructions such as our own on manually detecting and removing the malware, have progressively put a damper on the spread of the malware and severely cut into the number of infected systems.

These efforts have been very successful. On April 17 Symantec released an estimate that the malware infection had dropped to 140,000 systems, but today Kaspersky labs has further demonstrated the effectiveness of these efforts with new numbers that estimate the infection has dropped to around 30,000 systems.

Graph of Flashback infections over time
The number of Mac systems infected with the Flashback malware has significantly dropped since its peak about 10 days ago (numbers courtesy of Symantec and Kaspersky). Topher Kessler/CNET

The communal effort to help affected users remove the malware from their systems has resulted in a 95 percent drop in the number of infections within 10 days of its peak, with these numbers continuing to drop every day.

Despite this decline, the Flashback malware has underscored that the Mac platform is not immune to malware threats, and that if given the opportunity, criminals will attack it.

Even though this latest attack at its core was enabled by a third-party Java component to Apple's OS X operating systems, the updates to this component were managed by Apple, and its neglect of Java in recent years left this vulnerability open. Apple is nevertheless taking efforts to secure OS X, with upcoming technologies like GateKeeper that prevent all but specifically trusted programs from running on the system.

Despite Apple's upcoming security measures for OS X, there will always be those testing the system and attempting to break them down, or even use old and patched vulnerabilities to spread malware to systems that have not been updated. As a result, even though OS X has been a fairly malware-free operating system and even with these latest threats, the Mac still only receives a fraction of the criminal attention that is focused on Windows, people who use OS X should be aware that threat attempts will not go away and will likely only increase as OS X gains more of a footing in the industry.

Because of this, OS X users should ensure they run their systems in the most secure configuration as possible and not rely on Apple or anyone else to do so for them. Luckily this is really not that difficult to do, and for the most part only takes checking a few aspects of your system. Recently CNET editor Seth Rosenblatt discussed some easy security options for Mac systems, which include enabling the OS X Firewall, using anti-malware tools to monitor for the presence of known threats, and running day-to-day activities in standard user accounts instead of administrative ones.

In addition, you can step a little further to enhance security on your Mac by installing a reverse firewall like VirusBarrier X6 or Little Snitch, which can help identify rogue programs that try to contact remote servers. You can also help stem malware attacks by only downloading software updates from the developer's Web sites, and by monitoring your Mac's LaunchAgent folders, which are common starting points for malware attempts because they are used to automatically run and schedule scripts for the system.

UPDATED: April 20, 4:30pm -- New reports suggest the Flashback malware reporting techniques have underestimated the number of infected systems, and part of the reason we have observed a decline in the numbers has been because the malware may be programmed to stop contacting the command & control servers and sinkholes so far used to estimate the extent of the spread. These new findings suggest that while the malware may still be active, we ultimately do not have a firm handle on how many systems have been infected and the rate of decline. Therefore, be sure to keep your systems updated, scanned, and proactively protected from this and future threats.



Questions? Comments? Have a fix? Post them below or email us!
Be sure to check us out on Twitter and the CNET Mac forums.