Mac Infection “Flashback” Jumps to Number One

For the first time ever, malware targeting the Macintosh platform is in the number one position on the Kindsight Security Labs home network infections list. Our detection statistics for the month of April show that about 10% of homes with Mac computers were infected with this malware, which is an increase from the 7% reported last month.

Because of this ongoing high infection rate, we took a closer look, on a daily basis, at the number of home networks infected. The graph below shows the percentage of homes with Macs that are still infected over the last 4 weeks. This detailed analysis shows that even though the infection rate is on the decline, it is still significant (3-6%).

[Figure: Flashback infections]

We also learned from this analysis that 30% of the infected computers are communicating with a C&C server in Russia. This could be a sinkhole operated by the Russian antivirus company Dr Web, which has been tracking the outbreak since the beginning of April. 60% are communicating with 5 C&C servers running on web hosting services in the US. Some of these could also be sinkholes operated by security researchers. Of the remainder, 7% are talking to a server in Ireland and 3% to a server in France.

The infection does not seem to be going away quickly despite the efforts of Apple and other security vendors. Compounding this, security researchers at Symantec have discovered that, in addition to stealing passwords, Flashback is also being used for ad-click fraud. It’s clear that this threat still exists today.

By Kevin McNamee, Kindsight Security Labs