Ok, guys, it’s time to update your Mac and help bring down the Flashback trojan malware infection rate.
Per CNET, following an effort to estimate how many Macs remain infected with the Flashback malware, the data from these monitoring efforts have suggested that despite early reports of the malware levels sinking rapidly from efforts by Apple, news organizations, and anti-malware companies, the levels of infections appears to be remaining constant.
The spread Flashback malware was facilitated by a neglected security hole in Apple’s Java runtime for OS X, and at its peak had infected around one percent of Mac systems. To tackle the spread of the malware, initially news organizations covered methods for manually removing the malware, followed by security companies issuing malware removal tools to facilitate this process. Apple then released a series of Java updates to close the vulnerability and also scan for and remove known instances of the malware.
During the time of these infections, security companies set up sinkhole servers and other techniques to monitor the network traffic from the Flashback infections, and determine how many unique computers had been infected with the malware. Following the peak of the malware infection on August 6, initial reports from the anti-malware efforts suggested the infection rates had dropped significantly, with the number of infected Macs decreasing to a reported low of 30,000 in 10 days. However, despite these claims the malware has remained active, and adjustments have had to be made to these numbers.
Following the reports of success at tackling the malware, security company Dr. Web revealed errors in the malware estimation calculations and suggested that the number of infected systems was in fact much higher. Security companies followed this news with more conservative estimates that suggested a more shallow fall in the malware, to an estimated 140,000 systems in late April.
Despite the higher numbers, the number of malware infections did fall from its peak, though while some have hoped the number to fall far lower, the malware appears to have fallen to a revolving infection rate of just over 100,000 Mac systems. In a new report by Intego, the company claims that in the past week it has observed the following numbers from its sinkhole operation:
04/30/2012 – 102,769 infected Macs
05/01/2012 – 96,948 infected Macs
05/02/2012 – 103,779 infected Macs
05/03/2012 – 121,826 infected Macs
05/04/2012 – 102,375 infected Macs
05/05/2012 – 118,593 infected Macs
05/06/2012 – 113,909 infected Macs
Intego notes that these numbers are only the active infections it monitors on a day-to-day basis, and is not the total number of Macs infected. The malware is only active when a user logs in and thereby suggests that this activity difference reflects a steady state variance in when people are using their Macs, which will revolve as Macs are used more in some parts of the world than at others. Therefore the total number of infected systems will likely be much higher at around the 140,000 of previous recent estimates.
Intego has further noted that despite the initial impact in the malware’s activity by community efforts, the numbers appear to no longer be declining and show indications that they may even be increasing. Intego speculates the reason for this is that a small percentage of users have not taken any effort to either update their systems, but it may be more than just updating. Apple has only offered updates and malware removal options for OS X 10.6 and above (its supported versions). However, this malware will infect systems with older versions of OS X, so even if the older versions have been kept up to date, they will be left vulnerable without Apple issuing a proper Java fix. Not only can they still contain the malware, but they also will be subject to new infections by any of its variants.
In short, if you have a Mac running Mac OS X 10.6 or later, please update the Java updates via Mac OS X’s built-in Software Update feature. And for Apple, well, a Flashback removal update for Mac OS X versions previous to Mac OS X 10.6 or later wouldn’t hurt…