Dr. Web’s analysts say “the number is still around 650,000”

Apr 21, 2012 17:31 GMT

Doctor Web, the Russian company that originally sounded the alarm on the dangerous Flashback Trojan infecting hundreds of thousands of Macs worldwide, is contradicting reports from competing security vendors that said the number of infected machines was in decline.

Actively monitoring the largest Mac botnet ever discovered, Doctor Web's virus analysts have put together new botnet statistics which contradict recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39.

According to Dr. Web, “the number is still around 650,000.” The company explains:

“According to Doctor Web, 817 879 bots connected to the BackDoor.Flashback.39 botnet at one time or another and average 550 000 infected machines interact with a control server on a 24 hour basis.”

“On April 16, 717004 unique IP-addresses and 595816 Mac UUIDs were registered on the BackDoor.Flashback.39 botnet while on April 17 the figures were 714 483 unique IPs and 582405 UUIDs. At the same time infected computers that have not been registered on the BackDoor.Flashback.39 network before join the botnet every day.”

The company's chart shows how the number of bots changed from April 3rd to April 19th.

Dr. Web says that recent publicly available reports of a reduction in the number of bots are erroneous.

The reason: “these materials are based on analysis of statistics acquired from hijacked botnet control servers.”

Doctor Web conducted research and discovered that the bots do not communicate with some of the command centers registered by information security specialists.

So, even though Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots, Dr. Web indicated “a far greater number of bots which didn’t tend to decline considerably.”

“Doctor Web once again warns Mac OS X users of the BackDoor.Flashback.39 threat and strongly recommends you to install Java updates and scan the system to determine whether it has been infected,” the company states.

The company recommends that people read up on BackDoor.Flashback detection and neutralization at https://www.drweb.com/flashback/.

Dr.Web also offers a free Flashback removal tool for customers who believe they have an infected Mac.