Apple last week released a software tool enabling users to rid their machines of the increasingly sophisticated and stealthy Flackback malware. Before the tool was released, security experts estimated that more than 600,000 Mac users worldwide were infected, including 200 some machines at Apple’s Cupertino campus.
One week later, security firms have some big disagreements regarding how many Mac users remain infected. The Kapersky firm initially said that 30,000 Macs remain infected while Dr. Web, the security firm which first discovered the malware, claims that over 500,00 Macs remain infected with the malware.
Doctor Web’s virus analysts continue to monitor the largest to date Mac botnet discovered by Doctor Web on April 4, 2012. The botnet statistics acquired by Doctor Web contradicts recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39 The number is still around 650,000.
According to Doctor Web, 817 879 bots connected to the BackDoor.Flashback.39 botnet at one time or another and average 550 000 infected machines interact with a control server on a 24 hour basis. On April 16, 717004 unique IP-addresses and 595816 Mac UUIDs were registered on the BackDoor.Flashback.39 botnet while on April 17 the figures were 714 483 unique IPs and 582405 UUIDs. At the same time infected computers, that have not been registered on the BackDoor.Flashback.39 network before, join the botnet every day. The chart below shows how the number of bots on the BackDoor.Flashback.39 botnet has been changing from April 3 to April 19, 2012.
Again, if you believe you’ve been infected, download Apple’s removal tool as soon as possible. It patches up the Java security hole by disabling the automatic execution of Java applets.
To check if you’ve been infected, Kapersky has a free online tool (no download required) that lets you see if you’ve been burnt.