Flashback Trojan Infection Bad as Ever: Is Apple Losing the Malware War?

By Alexandra Burlacu | Apr 21, 2012 01:23 PM EDT


While several security companies have reported that the number of Flashback-infected Macs is shrinking, Russian antivirus firm Dr. Web tells a different story. Dr. Web was the first to report the malware outbreak on Apple's OS X in early April. On Friday, April 20, the firm said that the pool of Flashback-infected Macs is still around the 650,000 mark, and that new infections continue to occur.


"The botnet statistics acquired by Doctor Web contradict recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39. The number is still around 650,000," Dr. Web said in its Friday blog post.

American antivirus software company Symantec reported on Tuesday that the Flashback botnet infection has been reduced to just 140,000, a dramatic decrease from the estimated 600,000 in early April.

During a conference call with information-security specialists and journalists on Thursday, Kaspersky Lab, another Russian antivirus company, estimated that the Flashback botnet has dropped to only 30,000 machines. Dr. Web thinks it has found the reason behind such stark discrepancies in numbers.

Reasons for Discrepancy

"Recent publications found in open access report a reduction in the number of BackDoor.Flashback.39 bots. Typically, these materials are based on analysis of statistics acquired from hijacked botnet control servers. Doctor Web's analysts concluded a research to determine the reasons for this discrepancy," reads the company's blog post.

Dr. Web's blog post goes on to explain how Flashback-infected machines locate their command-and-control (C&C) servers. Rather than carrying a fixed list of addresses, each bot generates new domain names on a schedule using a pre-arranged algorithm. Because that algorithm is known, information-security companies can register the domains before the attackers do and point them at "sinkhole" servers, which accept the bots' check-ins in order to capture and measure botnet traffic.

After running through the list of generated domains, each infected machine then contacts one further server that is addressed by a static Internet Protocol (IP) address rather than a generated name. According to both Dr. Web and Symantec, the sinkhole at IP address 74.207.249.7 was not closing TCP connections after communicating with infected machines: the server accepts the bot's connection but, instead of closing it once the exchange is done, keeps it open. Dr. Web posted a screenshot to illustrate this. A bot whose connection is left hanging waits for the server indefinitely and cannot move on to any other C&C server, so it is effectively put into standby, and the sinkholes run by other researchers never see it.

"Bots switch to the standby mode and wait for the server's reply and no longer respond to further commands," explains the blog post. "As a consequence, they do not communicate with other command centers, many of which have been registered by information security specialists."
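The rendezvous and failure mode described above, as an added example that is not part of the original article or of Dr. Web's or Symantec's research. It uses a hypothetical date-seeded domain generation algorithm (a stand-in for Flashback's real scheme, which is not reproduced here), a constructed local resolver that maps the generated names to loopback sinkholes, and a hard-coded "static IP" fallback, so it runs offline. The well-behaved sinkhole answers and closes; the hanging one accepts the check-in and never answers, which is the behaviour attributed to 74.207.249.7. The bot's read timeout is a parameter: with `timeout=None` it blocks on the hanging server exactly as the article describes, and with a finite timeout it records the timeout and carries on to the next server.

```python
import hashlib
import socket
import threading
from datetime import date


def dga_domains(seed: bytes, day: date, count: int = 5, tld: str = "example") -> list[str]:
    """Hypothetical DGA: sha256(seed || ISO date || index) -> 12-hex-char label.
    Anyone who knows the seed and the algorithm can pre-register tomorrow's names
    and point them at a sinkhole, which is the premise behind the Flashback counts."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).hexdigest()
        names.append(f"{digest[:12]}.{tld}")
    return names


class Sinkhole:
    """Minimal loopback TCP listener with two behaviours.
    hang=False: read the bot's check-in, send an ACK, close (the bot moves on).
    hang=True : read the check-in, then keep the socket open and never reply
                (the failure mode the article attributes to 74.207.249.7)."""

    def __init__(self, hang: bool):
        self.hang = hang
        self.seen = []          # raw check-in messages received
        self._held = []         # connections deliberately left open when hang=True
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(8)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:     # listener closed
                return
            self.seen.append(conn.recv(1024))
            if self.hang:
                self._held.append(conn)
            else:
                conn.sendall(b"ACK\n")
                conn.close()

    def close(self):
        self.sock.close()
        for conn in self._held:
            conn.close()


def bot_checkin(servers, timeout):
    """Walk the candidate C&C list in order, one TCP check-in per server.
    servers: list of (label, host, port). timeout=None means block forever on a
    server that never answers; a finite timeout lets the bot continue.
    Returns [(label, outcome)] with outcome in {'replied', 'closed', 'timeout'}."""
    log = []
    for label, host, port in servers:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"CHECKIN " + label.encode() + b"\n")
            try:
                reply = s.recv(64)
                log.append((label, "replied" if reply else "closed"))
            except socket.timeout:
                log.append((label, "timeout"))
    return log


def run_demo(timeout=0.5):
    """Constructed scenario: the generated names all resolve to a well-behaved
    sinkhole, the static-IP fallback is the hanging one, and one more generated
    name follows it to show whether the bot ever gets past the hang."""
    good = Sinkhole(hang=False)
    bad = Sinkhole(hang=True)
    try:
        domains = dga_domains(b"demo-seed", date(2012, 4, 20), count=3)
        servers = [(d, "127.0.0.1", good.port) for d in domains]
        servers.append(("static-ip-fallback", "127.0.0.1", bad.port))   # hypothetical stand-in
        servers.append((domains[0] + "-retry", "127.0.0.1", good.port))
        return bot_checkin(servers, timeout)
    finally:
        good.close()
        bad.close()


if __name__ == "__main__":
    for label, outcome in run_demo(timeout=0.5):
        print(f"{label:<30} {outcome}")
```

A bot whose receive has no timeout stalls at the fourth entry and never reaches the fifth, so every sinkhole registered after the hanging one undercounts it; that is the mechanism behind the conflicting 650,000 / 140,000 / 30,000 figures, not a real drop in infections. The practical check for anyone running a sinkhole is the mirror image: after logging a check-in, always answer and close, so measurement does not change the thing being measured.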

Symantec Agrees Dr. Web's Analysis is Accurate

Following the release of Dr. Web's latest estimate, Symantec agreed that Dr. Web's argument was valid and updated its post. Symantec researchers now believe they "are receiving limited infection counts" for the Flashback Trojan. "We now believe that their analysis is accurate, and that it explains the discrepancies," Liam O Murchu, manager of operations at Symantec's security response center, told Computerworld.

Earlier this month, Apple issued a Flashback removal tool that removes existing infections and blocks the malware from installing, but it has not commented on the size of the infection. For now, only Apple knows how many Macs have actually applied its software updates. Mac users are advised to install Apple's software updates and run antivirus software to avoid further infections.

(reported by Alexandra Burlacu, edited by Dave Clark)

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.