Flashback discoverer bucks claims of malware's decline

  1. #1
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    317 times

    Flashback discoverer bucks claims of malware's decline

    In a status report released on Friday, the Russian security firm that first discovered the Flashback trojan disagrees with recent findings from Symantec and Kaspersky Labs, warning that the number of machines affected by the malware is not declining.

    Citing data from its own analysis of the largest Mac botnet to date, Dr. Web notes that around 650,000 computers are still affected, which is in stark contradiction to the 30,000 number provided by well-known security companies Symantec and Kaspersky.

    Analysts from the Russian firm researched the discrepancy and found that the raw data coming in from the larger companies' servers were likely inaccurate due to Flashback's use of complex domain name creation techniques and a unique TCP connection operation that effectively masks bots from command and control servers.

    "BackDoor.Flashback.39 uses a sophisticated routine to generate control server names: a larger part of the domain names is generated using parameters embedded in the malware resources, others are created using the current date. The Trojan sends consecutive queries to servers according to its pre-defined priorities."

    When the malware was first discovered in early April, Dr. Web registered the main domains used as Flashback command servers, while other security firms most likely use "hijacked servers" that are in this case less reliable. The report explains that Flashback's mode of operation allows its network of bots to go largely unnoticed by the hijacked servers, which could be the reason for the precipitous drop reported this week that saw the number of affected machines fall from 140,000 to 30,000.





    "On April 16th additional domains whose names are generated using the current date were registered. Since these domain names are used by all BackDoor.Flashback.39 variants, registration of additional control server names has allowed to more accurately calculate the number of bots on the malicious network, which is indicated on the graph."

    Dr. Web notes that the trojan sends requests to a server run by an unidentified third party, which in turn communicates with the bots but fails to close the TCP connection. This action is critical to researchers as it puts the bots in standby mode, which means they do not communicate with other command servers monitored by information security specialists.





    There has been no response by Symantec or Kaspersky Labs and their respective websites still reflect a "Very Low" threat level from the Flashback trojan.

    The first iteration of the malware appeared in 2011 disguised as an Adobe Installer, and later morphed into the current self-installing version that was seen on 600,000 Macs worldwide. Following installation, Flashback harvests sensitive data like user IDs, passwords and web browsing history and sends the information to an off-site server.

    Apple has responded to the malware by releasing a number of software updates, including a specially-designed Flashback removal tool, over the past two weeks.

    4-20-12

    Source
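A constructed model of the counting discrepancy described in the post above, added here as an example and not taken from Dr. Web's report or the original post. Server names, list order, population sizes and the assumption that a bot moves to the next name after a sinkhole closes the connection are all invented for illustration.

```python
# Constructed model of sinkhole counting; every name and number below is
# invented for illustration and does not come from the report.
from collections import defaultdict

CLOSE, HOLD, DOWN = "close", "hold", "down"   # how a server treats a bot

def poll(priority_list, behaviour, bot_id, seen):
    """Walk one bot through its server list in priority order."""
    for name in priority_list:
        action = behaviour.get(name, DOWN)
        if action == DOWN:          # unregistered or silent: try next name
            continue
        seen[name].add(bot_id)      # this server logged the bot's connection
        if action == HOLD:          # connection never closed: bot waits here
            return name
        # CLOSE: assumed that the bot gets no valid reply and moves on
    return None

def census(variants, behaviour):
    """Return {server: unique bots seen} for a population of bots."""
    seen = defaultdict(set)
    bot_id = 0
    for priority_list, count in variants:
        for _ in range(count):
            poll(priority_list, behaviour, bot_id, seen)
            bot_id += 1
    return {name: len(ids) for name, ids in seen.items()}

# Constructed variants: embedded names first, then a date-based name that
# all variants share. Only the third variant lacks the stalling server.
VARIANTS = [
    (["emb-a1", "date-1", "third-party", "late-sink"], 400),
    (["emb-b1", "emb-b2", "date-1", "third-party", "late-sink"], 250),
    (["emb-c1", "date-1", "late-sink"], 50),
]
BEHAVIOUR = {
    "date-1": CLOSE,       # sinkhole on a date-based name, ahead of the stall
    "third-party": HOLD,   # answers but never closes the TCP connection
    "late-sink": CLOSE,    # sinkhole that sits after the stalling server
}

if __name__ == "__main__":
    for server, bots in sorted(census(VARIANTS, BEHAVIOUR).items()):
        print(f"{server:12} {bots}")
```

In this model the sinkhole placed after the non-closing server counts only the bots that never reach that server, while the sinkhole on the shared date-based name counts the whole population.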

  2. #2
    Administrator

    Flashback Trojan Discoverer Reveals That 650,000 Macs Are Still Infected

    UPDATE



    Flashback is still far from dead



    The Flashback saga has yet to reach its end, as a recent report debunks earlier claims that the number of infected Macs had fallen from 600,000 to 140,000 over a matter of a few days. Apple released a security tool to combat Flashback last week, and Norton Symantec reported that the number of infected machines had fallen to 140,000 shortly after. That number has been proven to be inaccurate.

    In an interesting turn of events, the original Flashback whistleblower, Russian security firm Dr. Web, has revealed that around 650,000 Macs are still infected with the notorious trojan. Not only are there many Macs connected to the botnet that were previously unaccounted for, but more OS X computers are added every day.





    Dr. Web sounded the alarm earlier this month saying that 600,000 Macs were part of the Flashback botnet. The firm estimates that 817,879 total Macs have been infected by Flashback at some point. The botnet spreads itself by exploiting browser click fraud scams and vulnerabilities in Apple’s Java that have since been reportedly patched.

    With all of the third-party security tools and Apple’s own updates that have been released to combat Flashback, you’d think that the trojan would be starting to die off. Due to the tricky way Flashback pings its host servers, other researchers were not able to completely track the botnet’s growth. According to Dr. Web:

    "This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots, on the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably."

    Symantec has since updated its post to reflect Dr. Web’s newest data.

    If you haven’t already, update your Mac with Apple’s latest security patch and check to see if you’ve been infected with Flashback. If anything, these numbers indicate that many Mac users are bad at keeping their computers up to date. Apple has released a total of 3 security patches to combat Flashback this month, and the last update will remove the trojan from any infected machine entirely.

    4-23-12

    Source
