Russian Security Firm Says Flashback Botnet Is Not Shrinking

By Kevin McLaughlin, CRN April 23, 2012 4:34 PM ET

Contrary to recent reports, the worldwide botnet of Macs infected with the Flashback malware has remained relatively steady in size, the Russian security vendor Dr. Web said over the weekend.

Dr. Web discovered the botnet — which it calls BackDoor.Flashback.39 — on April 4. It claims that more than 817,000 bots have connected to the botnet thus far, and that an average of 550,000 infected machines are interacting with a command-and-control server each day.

New infected machines that have not yet been registered in the botnet — and which cannot yet be tracked — are joining every day, according to Dr. Web.

Dr. Web’s latest findings contradict those of Symantec and Kaspersky Lab, which earlier this month reported that the Flashback botnet had shrunk to less than half its peak size of 650,000 infected machines due to Apple’s work with Internet service providers to take down command-and-control servers and the release of malware removal tools from third parties.

However, Dr. Web says these findings are inaccurate because they rely on the analysis of data from hijacked botnet control servers. After conducting its own analysis, Dr. Web found that additional control servers had come online and that some bots had been switched to standby mode, which means the botnet is larger than Symantec and Kaspersky claim.

“This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots,” Dr. Web researchers said in the blog post. “On the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably.”

“Doctor Web once again warns Mac OS X users of the BackDoor.Flashback.39 threat and strongly recommends you to install Java updates and scan the system to determine whether it has been infected,” the company said in the blog post.

Apple issued a patch for the Java vulnerability April 4, but security researchers criticized the company for its slow response to the issue, which was first reported in February.

via Russian Security Firm Says Flashback Botnet Is Not Shrinking.
