Andre Yoskowitz
22 Apr 2012 0:57
Dr. Web, the Russian firm which first broke the story of the Flashback botnet running rampant on Macs, has said this weekend that the infection is not shrinking as claimed, and is instead growing.
Several security companies, like Kaspersky and Symantec, had claimed this week that the botnet is shrinking but Dr. Web says that number is still around 650,000, at least.
Symantec, makers of Norton, confirmed Dr. Web's figures later in the day despite their earlier miscalculation. On Wednesday, Symantec said the botnet had shrunk by 60 percent to 140,000 machines infected, while Kaspersky said 30,000. After discussions, Symantec had this to say: "We've been talking with them about the discrepancies in our numbers and theirs. We now believe that their analysis is accurate, and that it explains the discrepancies."
Apple has already patched the Java vulnerability that led to the exploit and is working on a "Flashback removal tool" to help those already infected.
The systems are infected with BackDoor.Flashback.39 "after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system." JavaScript code will then be run with the exploit. There are still thousands of compromised web-pages.