Dr. Web: Flashback malware hasn't been cut down after all

Earlier this week, Symantec reported that the number of Mac OS X computers infected with the Flashback malware had been cut down to just 140,000, compared to over 500,000 Mac PCs just a couple of weeks ago. Now the Dr. Web research team, which discovered the Flashback malware in the first place, is saying, "Not so fast," to Symantec's numbers. In fact the team claims that the number could be as high as 650,000 infected Mac PCs.

In a post on its site, Dr. Web states:

BackDoor.Flashback.39 uses a sophisticated routine to generate control server names: a larger part of the domain name is generated using parameters embedded in the malware resources, others are created using the current date. The Trojan sends consecutive queries to servers according to its predefined priorities. The main domains for BackDoor.Flashback.39 command servers were registered by Doctor Web at the beginning of April, and bots first send requests to corresponding servers. On April 16th additional domains whose names are generated using the current date were registered. Since these domain names are used by all BackDoor.Flashback.39 variants, registration of additional control server names has allowed us to more accurately calculate the number of bots on the malicious network, which is indicated on the graph.

Symantec quickly posted an update to its blog which admitted that the Dr. Web team may have a point. While it still believes that Flashback infections have in fact been curtailed, they have not gone down as much as expected.
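The counting argument in the Dr. Web quote above can be shown with a small simulation, added here as an example that is not code from Dr. Web, Symantec or the article. It shows how a sinkhole's bot estimate depends on which names in the bots' priority list the observer holds. The name generator, variant lists, bot population and the stop-at-first-answer behaviour are constructed assumptions, not Flashback's actual algorithm.

```python
import hashlib
from datetime import date

def date_domains(day, seed="constructed-seed", count=3):
    """Toy date-seeded name generator (constructed; NOT Flashback's algorithm)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        out.append(digest[:12] + ".example")
    return out

# Constructed variants: each embeds its own main names; all share the date names.
VARIANTS = {
    "A": ["main-a1.example", "main-a2.example"],
    "B": ["main-b1.example"],
    "C": ["main-c1.example"],
}

def query_order(variant, day):
    """Priority order: embedded main domains first, then date-derived ones."""
    return VARIANTS[variant] + date_domains(day)

def observed_bots(bots, answering, observed, day):
    """Unique bots an observer sees.

    answering: every domain that resolves to some live server.
    observed:  the subset whose request logs this observer can read.
    Assumption: a bot stops walking its list at the first server that answers.
    """
    seen = set()
    for bot_id, variant in bots:
        for domain in query_order(variant, day):
            if domain in answering:
                if domain in observed:
                    seen.add(bot_id)  # count identities, not raw requests
                break
    return len(seen)

DAY = date(2012, 4, 16)
# Constructed population: 5 bots of variant A, 3 of B, 2 of C.
BOTS = [(f"bot-{v}-{i}", v) for v, n in (("A", 5), ("B", 3), ("C", 2)) for i in range(n)]
MAIN_A = set(VARIANTS["A"])
DATE = set(date_domains(DAY))

if __name__ == "__main__":
    print("main names only:      ", observed_bots(BOTS, MAIN_A, MAIN_A, DAY))
    print("main + date names:    ", observed_bots(BOTS, MAIN_A | DATE, MAIN_A | DATE, DAY))
    print("date names only (obs):", observed_bots(BOTS, MAIN_A | DATE, DATE, DAY))
```

In this constructed population, holding only one variant's main names counts half the bots, and an observer holding only the lower-priority date names misses every bot that was answered earlier in its list.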

Apple has already released a Mac OS X update that is supposed to remove the Flashback malware. The update also sets the Java web plug-in to disable the automatic execution of any Java applets. Flashback was installed on all those Mac PCs thanks to a flaw, since fixed, that allowed JavaScript code to load a Java applet containing Flashback onto a Mac PC.

Image via Dr. Web

23 Comments

I do not own a Mac so can someone help me out? Is a Mac like the UAC on Vista because I keep hearing about pop-ups when trying to install or download things ever since this malware stuff began. Do people with Macs really have to click every time they want to install or run programs? I know everyone should have that level of security but it seems that a Mac will just not let you do things and Windows will let you run anything.

pwgarner said,
I do not own a Mac so can someone help me out? Is a Mac like the UAC on Vista because I keep hearing about pop-ups when trying to install or download things ever since this malware stuff began. Do people with Macs really have to click every time they want to install or run programs? I know everyone should have that level of security but it seems that a Mac will just not let you do things and Windows will let you run anything.

To perform administrative tasks such as modifying system files and installing new applications, you need to enter a password. Same as Windows UAC.

simrat said,

To perform administrative tasks such as modifying system files and installing new applications, you need to enter a password. Same as Windows UAC.

well if the app has an installer, otherwise it's just drag and drop into /Applications

pwgarner said,
I do not own a Mac so can someone help me out? Is a Mac like the UAC on Vista because I keep hearing about pop-ups when trying to install or download things ever since this malware stuff began. Do people with Macs really have to click every time they want to install or run programs? I know everyone should have that level of security but it seems that a Mac will just not let you do things and Windows will let you run anything.

it's always been that way with unix systems. you have a root account and a user account, if you wish to make changes to the OS you have to provide the root account password. it's a shame microsoft never took this approach with windows.

in win2k you had to provide a password for the "administrator" account but the default user account you created for yourself had administrator rights.

maybe with windows 8 etc they will take note. because all this run as administrator crap which often does not require a password unless one was set by the user is totally useless. and is why malware can be installed on the windows vista/7 os's.

but this malware was installed by a java exploit.

Edited by xSuRgEx, Apr 21 2012, 11:21pm :

xSuRgEx said,
maybe with windows 8 etc they will take note. because all this run as administrator crap which often does not require a password unless one was set by the user is totally useless. and is why malware can be installed on the windows vista/7 os's.

There's absolutely nothing stopping you from running as a standard user account, which would require admin credentials and not just clicking a box, duplicating this sort of su behavior. It's been available since forever, it's just not enabled by default.

xSuRgEx said,

it's always been that way with unix systems. you have a root account and a user account, if you wish to make changes to the OS you have to provide the root account password. it's a shame microsoft never took this approach with windows.


They did. That's exactly what UAC is. No difference, really.


maybe with windows 8 etc they will take note. because all this run as administrator crap which often does not require a password unless one was set by the user is totally useless. and is why malware can be installed on the windows vista/7 os's.

Why is it useless? Is entering a password really more secure than just clicking Allow? There is absolutely no difference. Besides, you can enable that behavior if you want. It's just more inconvenient and adds no additional security to single user systems.

For multi-user systems, you can give users standard accounts, not administrator accounts. These require the administrator's username and password - just like you want. It's already implemented.

Run as administrator = run as root. Same thing, different name. Yet you call it totally useless.

Edited by rfirth, Apr 21 2012, 11:44pm :

simrat said,

To perform administrative tasks such as modifying system files and installing new applications, you need to enter a password. Same as Windows UAC.

Keep in mind that not all applications or viruses require admin/root to infect the computer. Without elevated privileges they are limited to affecting the current user's home directory, but on a home computer the information saved in your profile is just as important or more than the computer itself.

xSuRgEx said,

it's always been that way with unix systems. you have a root account and a user account, if you wish to make changes to the OS you have to provide the root account password. it's a shame microsoft never took this approach with windows.

in win2k you had to provide a password for the "administrator" account but the default user account you created for yourself had administrator rights.

maybe with windows 8 etc they will take note. because all this run as administrator crap which often does not require a password unless one was set by the user is totally useless. and is why malware can be installed on the windows vista/7 os's.

but this malware was installed by a java exploit.

Windows NT has always had the concept of Admin and User accounts, what it lacked was an easy way to elevate to Admin rights when needed. You always could set up your account without admin rights, it was just a pain to log off and back on to install things (especially prior to XP and fast user switching).

Not requiring a password is not useless. The Yes/No dialog box is just as secure as a password screen. It is not possible for programs running on the computer to interact with that screen, so it isn't as if a virus could press the Yes button for you. Windows Vista/7/8 will ask for a password if the current user is not in the admin group. So on my home computer if I try to do something I just have to click the button, if my son tries it will ask him for my password.

Edited by sphbecker, Apr 23 2012, 1:39pm :

sphbecker said,

Windows NT has always had the concept of Admin and User accounts, what it lacked was an easy way to elevate to Admin rights when needed. You always could set up your account without admin rights, it was just a pain to log off and back on to install things (especially prior to XP and fast user switching).

Not requiring a password is not useless. The Yes/No dialog box is just as secure as a password screen. It is not possible for programs running on the computer to interact with that screen, so it isn't as if a virus could press the Yes button for you. Windows Vista/7/8 will ask for a password if the current user is not in the admin group. So on my home computer if I try to do something I just have to click the button, if my son tries it will ask him for my password.

Yes, if I'm not mistaken most "normal" programs cannot control the UAC dialog. They need some special driver-like thing if I'm not wrong (some remote access programs do provide that) but you need to give a program the permission to install such a thing in the first place.

Anyway in XP onwards you don't really have to log off/switch user to install a new program, just use Run As. In Vista/7 there's a "Run As administrator" option already, but in XP Pro, I think there was a Run As option as well, which will prompt you to enter the username/password of the user you want to run the program as - and it will have the permissions of the user you enter.

Kushan said,
"I'm a PC"
"I'm a Mac"
"I'm a Mac PC, the unholy lovechild of the other two"

PC abv Personal computer so Mac is a PC too... Don't know why people say PC as windows and Mac as non PC

still1 said,

PC abv Personal computer so Mac is a PC too... Don't know why people say PC as windows and Mac as non PC

Yes but PC really stands for IBM Personal Computer compatible aka IBM PC, that later was shortened to PC.

Magallanes said,

Yes but PC really stands for IBM Personal Computer compatible aka IBM PC, that later was shortened to PC.


lame excuse... IBM called their PC IBM PC

still1 said,

lame excuse... IBM called their PC IBM PC

It's true, back in the day you called a computer either an "IBM PC" or a "Compatible PC." Once compatibles became more common than IBM those terms dropped off and we just called them PCs. Even back then the Apple computers were not called PC, people tended to call them by name, Apple II, Apple IIe and so on.

Enron said,
Don't know who to believe anymore.

Their methodology is pretty solid and well explained, and Symantec has even acknowledged it.