(LiveHacking.Com) – According to new figures released by Dr. Web, over half a million Macs are still infected with the Flashback Trojan. The number of infected Macs rose to over 650,000 on April 4th and has stayed at roughly that level since, even though Apple has released patches to fix the vulnerability used by the trojan. These numbers are in stark contrast to figures released by Symantec, who say that “currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.”
Computerworld spoke with Symantec, who have now revised their outlook and agree with Dr. Web’s analysis. “We’ve been talking with them about the discrepancies in our numbers and theirs,” said Liam O Murchu, manager of operations at Symantec’s security response center, in an interview. “We now believe that their analysis is accurate, and that it explains the discrepancies.” To count the number of infections, Symantec uses sinkholes, and according to a blog update, these “sinkholes are receiving limited infection counts for” Flashback.
Flashback is spreading via a Java concurrency vulnerability (CVE-2012-0507) which was fixed in Java 6 Update 31 and Java 7 Update 3 on Feb. 15, 2012, but only on the Windows platform. This left Mac users vulnerable. Apple finally fixed the vulnerability in early April, but by then the trojan had already started to spread rapidly.
The exploit used by Flashback is based on a vulnerability in AtomicReferenceArray which allows the malware to disable the Java runtime sandbox. This is done by crafting specially serialized object data which, because of a logic error (not a memory corruption bug), lets the attacker run arbitrary code on the victim’s Mac. The Flashback trojan, so named because the first variant was distributed as a fake Flash Player installer, uses Java vulnerabilities dating from 2009 through 2011.
Here at LiveHacking we urge Mac users to install the Java updates and afterwards scan their systems to check whether they have been infected. Apple have released a Flashback removal tool.