Malware Caught: Flashback on Wane

Thursday, April 19, 2012 @ 03:04 PM gHale

Flashback malware is on the decline for Mac machines.

Software maker and security firm Symantec lowered its estimate of machines that still have the malware to 140,000, down from estimates of more than 600,000 less than two weeks ago. Even with that good news, Symantec was not jumping for joy, as it had expected an even lower total.

“The statistics from our sinkhole are showing declining numbers on a daily basis. However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the company said.

The expectations of a lower total were due in part to Apple releasing two separate software tools to users last week that both detect and remove the malware. Additionally, ahead of those official tools, Symantec and security firms F-Secure and Kaspersky released their own detection and removal software.

Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnation, the software used a security loophole to install itself without user interaction.

After Russian antivirus company Dr. Web found it earlier this month, several other security firms verified the malware’s prevalence. Last week Symantec estimated around 270,000 machines suffered from the infection on a worldwide basis.

The malware targeted a vulnerability in Java, making it a cross-platform threat (meaning it could affect PC users). Nonetheless, estimates, particularly one from Kaspersky Lab earlier this month, pegged more than 98 percent of those infected to be running Apple’s OS X, due in no small part to the vulnerability being patched for other platforms first.