According to Symantec researchers, the number of computers infected with the Flashback malware has dropped to approximately 140,000.
Still, the researchers say they had expected the number to be far lower. “As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now,” the researchers wrote in a blog post.
“The lowered expectations were due, in part to Apple releasing two separate software tools to users last week that both detect and remove the malware,” writes CNET News’ Josh Lowensohn. “Additionally, ahead of those official tools, Symantec, and security firms F-Secure and Kaspersky released their own detection and removal software.”
“It’s possible that many of the remaining Macs infected with the Flashback trojan are running older versions of OS X where the Java security updates aren’t available,” writes The Mac Observer’s Jeff Gamet. “Since Apple doesn’t support versions of OS X 10.5 and earlier, older OS X users can disable Java, or can consider installing virus protection software to help block the trojan.”
“Symantec’s most-recent analysis also turned up another interesting tidbit regarding the trojan, which so far doesn’t seem to be performing any information-stealing actions,” writes SC Magazine’s Dan Kaplan. “Researchers found that it can receive updated information via Twitter about which command-and-control servers to contact for additional instructions.”
“Although Flashback’s infection numbers were first reported this month, the underlying Java vulnerability had been patched by Oracle in February,” writes PCWorld’s Jared Newman. “As a result, Apple has faced criticism for being quick to point out the security of Mac OS X, but slow to address security problems, however rare they may be.”