Even as the infections from the Flashback malware decline, researchers are calling for increased vigilance among Mac users. Details emerge on the role of Wordpress-powered blogs in the outbreak.
Mac systems infected by the Flashback trojan are declining, but Symantec says that the decrease is not as rapid as would be expected with all of the removal tools, patches, and instructions that have been made available in the past week or so: "Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark."
As the dust settles around one of the most significant malware outbreaks for Mac systems to date, more details have emerged about how the botnet began in the first place and why North American users were hit harder than others. According to Kaspersky Labs, at first the trojan was distributed by social engineering only -- users were duped into downloading a fake Adobe Flash plugin, but what really made it catch fire in March of 2012 was a "cybercriminal partner program" that appears to be of Russian origin:
The partner program was based on script redirects from huge numbers of legitimate websites all over the world. Around the end of February/early March 2012, tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using vulnerable versions of WordPress or they had installed the ToolsPack plugin. Websense put the number of affected sites at 30,000 , while other companies say the figure could be as high as 100,000. Approximately 85% of the compromised blogs are located in the US.
Whatever the outcome of this particular bit of malware, the era of Mac users' complacency regarding security is probably over -- or should be, according to many researchers such as Kaspersky. As this Ars Technica post reports, Kaspersky is trying to send the message to Mac users that invulnerability of any system is a "myth." With popularity and market share come the accompanying burden of targeted attacks.
Are you currently using additional anti-malware software on your Mac, or are you thinking about installing it? Do you think the Gatekeeper security feature to be released as part of OS X 10.8 this summer will help crack down on the malware problem and make additional software superfluous? CNET's Elinor Mills was pretty high on its prospects from her look at the preview.