1 in 15 households with Macs are infected with Flashback

On April 4th, Dr Web, a Russian anti-virus vendor, reported that over 550,000 Mac OSX machines were infected with the Flashback bot. The malware is spread via a Java applet that poses as an update for the Adobe Flash Player. The applet downloads and installs the malware, which then connects to a C&C server to await additional instructions.

A couple of days later Kaspersky reported that they used passive OS fingerprinting techniques to verify that over 98% of these infections were from computers running OSX. Kindsight Security Labs has confirmed these findings and estimates that 6.9% of North American households with a Mac computer have been infected with this malware.

An analysis of network infection statistics from North America showed that 0.75% of home networks were infected with the Flashback malware. Passive OS fingerprinting of the network traffic that generated the alerts confirmed that 99% of these infections were from home networks with at least one computer running Mac OSX. We cannot directly measure the percentage of computers running Mac OSX, but using the 10.92% North American market share for Apple reported by IDC Worldwide Quarterly PC Tracker, January 11, 2012, we estimate that about 6.9% of the home networks with at least one Mac are infected. That’s more than 1 in 15.

The pie chart below shows the typical home network infection rates over the past 30 days for Windows computers in the same network environment and compares them to the Flashback infection rate. The infection rate for Flashback is more than half of the infection rate we see for all Windows malware.

Home Networks infected with Windows vs Flashback Malware

This demonstrates how vulnerable Mac computers can be when cybercriminals decide to target them. The main reason for this issue is that Apple users have a false sense of security around Mac computers, because the number of infections targeting OSX has been a fraction of the number targeting Windows. As a result, anti-virus software is installed and kept updated on very few Mac computers, which makes it easy for a hacker to infect the system when and if they decide to target Mac computers.

As Apple's market share continues to increase, Mac users need to be aware of these potential issues and install anti-virus software on their systems or deploy other security techniques such as network-based detection of malware. For more information about the infection and what to do about it, see the MacWorld article “What you need to know about the Flashback Trojan”.

Additional technical information can be found at:

By Kevin McNamee, Kindsight Security Labs