14 DAY TRIAL // After infecting roughly 600,000 Macintosh computers around the world, the Java-exploiting BackDoor.Flashback.39 Trojan has been deemed by security firms as the biggest malware threat the Mac has ever seen.
The estimate on infected computers around the globe came last week from Russian antivirus company Dr. Web.
The numbers were later confirmed by the world’s best-known security firm, Kaspersky, which said that over 98 percent of the affected computers were running Mac OS X.
Bitdefender’s Catalin Cosoi, chief security researcher, believes the infection was the largest in the last decade, despite being unable to precisely measure exactly how many Mac OS X computers got the “bug”.
"600,000 represents around 12 percent of the Mac OS computers sold in Q4 2011," Cosoi said, "which means that if we count the number of Mac OS devices sold in the past three years, we can estimate that less than 1 percent of the Mac OS computers are possibly infected. On the other hand, if we look at the actual numbers and not at the percentages, the numbers look pretty scary."
Mikko Hypponen, chief research officer at antivirus and computer security firm F-Secure, agreed that "It's the biggest, by far." Hypponen tells CNet in an email, "I'm afraid the malware-free times of Mac users are behind us permanently."
BackDoor.Flashback.39 exploits a flaw in the Mac OS implementation of Java. Oracle patched the holes months ago but Apple took its time and only issued a patch last week.
The danger has been eliminated only temporarily, and HTML5 is no safer, despite Apple promoting it as a better web standard.
Paul Ferguson, a senior threat researcher at Trend Micro, said "Wait until HTML5 becomes more ubiquitous for similar types of threat vulnerabilities, and you can have a botnet that runs in your browser. The more ubiquitous these platforms are, it won't matter if it's a mobile device or a computer. It it's [sic] running Java or any other cross-platform technology, the threat is there."
Roel Schouwenberg, a senior researcher at Kaspersky Labs, told Cnet that "The fake antivirus epidemic from last year was the real turning point. With all the media attention, malware authors realized they could make money off Macs."