The infamous Mac trojan Flashback, which infected 800,000 Mac OS X machines at its height this April, is still lingering on over 140,000 computers, according to Russian security firm, Dr Web.
The company has tracked a steady decline in the number of infections across the world since first reporting a massive Mac trojan outbreak was underway in early April, but notes there remain a significant number of infections.
If Dr Web's figures are correct, the number of infections is nearly as large as what other security vendors reported in late April after security vendors released removal tools for the malware.
At the beginning of July there were 225,016 Flashback infections, according to Dr Web. Total infections declined by between 7,000 to 10,000 machines every three days until 19 July to 180,536 and then fell by over 30,000 machines in the three days to 22 July to 148,492.
Symantec, in late April, initially reported logging 140,000 universally unique identifiers (UUID) associated with each Mac infected by the Flashback malware. Fellow Russian AV vendor Kaspersky Lab was reporting over 200,000 Flashback infections.
However, at the time, Dr Web was reporting the total number of UUIDs associated with the malware at over 582,000 and unique IP addresses at over 714,000. Symantec later increased its estimate to 185,000 UUIDs. Dr Web claimed other vendors were undercounting the number of infections because the servers it was relying on to produce its figures offered a more complete picture.
Surprisingly, Dr Web also says the trojan is still taking a small number of new victims each day.
“[D]espite the release of operating system updates, anti-virus software for Mac OS X, and an array of tools to remove BackDoor.Flashback.39 offered by various companies, newly infected Macs are still joining the botnet, though their number at present does not exceed 3-4 computers per day,” says Dr Web.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.