updated 03:00 am EDT, Wed April 18, 2012
Now under 100,000 units, falling fast
The Java-exploiting OSX.Flashback.K malware variant has ceased to be a meaningful threat to Mac owners, and the number of infected Macs has dropped to one-sixth of its high point in just over a week, reports utility vendor Symantec. The malware, which was the most successful attack thus far in the Mac world due to the slow updating of Java, was never much of an actual security threat but did manage to reach around one percent of the installed base, a record for malware penetration.
A number of factors have played a role in reversing the malware's course, primarily some quick action from Apple once the Trojan's infection rate began to increase rapidly. However, Apple's lethargy in pushing out an update to Java (Oracle had corrected the flaw about six weeks earlier) is at least partially why the malware was so successful in the first place.
Still, the company was finally roused to become aggressive about the problem, and quickly posted three slightly revised updates to Java as well as its own detection and removal tool, including a version for Lion users who hadn't installed Java. It also went after servers that the malware was attempting to reach, asking authorities for help in shutting down suspect servers.
Symantec says that the number of still-infected Macs is estimated to be under 100,000, which it measures through attempts to contact the disabled command-and-control servers, which were intended to employ exploited Macs in a "botnet" to search for identity information and send it to external sources. The servers were very quickly identified and disabled thanks to early efforts by authorities and anti-virus companies that have experience dealing with previous Flashback variants.
The vulnerabilities that were exploited by Flashback have now also been seen in Microsoft Word documents and a new variation of the Flashback exploit called Sabpab, but these are considered to be extremely minor and diminishing threats. The primary danger is from older Macs still in service that cannot update to the latest versions of Java. Users of those OS X versions are advised to disable Java entirely.