Symantec: Flashback malware now down to 140K machines

There’s some good news and some bad news in Mac malware land: the number of machines estimated to be infected has dropped, but that number hasn’t gone down as fast as experts expected.

In a blog post today, software maker and security firm Symantec lowered its estimate of machines that still have the malware to 140,000, which is down considerably from estimates of more than 600,000 less than two weeks ago. Even so, the firm said it was expecting a lower tally.

“The statistics from our sinkhole are showing declining numbers on a daily basis. However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case,” the company wrote.

The lowered expectations were due, in part, to Apple releasing two separate software tools to users last week that both detect and remove the malware. Additionally, ahead of those official tools, Symantec and security firms F-Secure and Kaspersky released their own detection and removal software.

Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnations, the software used a security loophole to install itself without user interaction.

After being discovered by Russian antivirus company Dr. Web earlier this month, the malware’s prevalence was verified by several security firms, which noted that infections have been on the decline. Last week Symantec estimated around 270,000 machines to be infected with the malware worldwide.

As we’ve mentioned before, the malware targeted a vulnerability in Java, making it a cross-platform threat (meaning it could affect PC users). Nonetheless, estimates — particularly one from Kaspersky Lab earlier this month — pegged more than 98 percent of those infected to be running Apple’s OS X, due in no small part to the vulnerability being patched for other platforms first.

If you’re looking for more information on the malware, and how to remove it, be sure to read CNET’s FAQ.

Article source: http://rss.feedsportal.com/c/32447/f/475521/s/1e7b80f3/l/0Lnews0Bcnet0N0C830A10E135790I30E574154720E370Csymantec0Eflashback0Emalware0Enow0Edown0Eto0E140Ak0Emachines0C0Dpart0Frss0Gsubj0Fnews0Gtag0F25470E10I30E0A0E20A/story01.htm