A second antivirus company has confirmed the extent of the Flashback malware infestation of Macs, supporting the claims made last week by Russian firm Dr. Web, which estimated more than 600,000 systems being compromised by the growing botnet. Dr. Web offered a free tool for Mac users to check their systems and found that of those who did, nearly 2% were infected. For perspective, the massive Conficker attack on PCs back in 2008 infected 4% to 5% of Windows systems during its peak.
Moscow-based Kaspersky Lab, the second security firm to confirm these reports, analyzed Flashback’s communication methods and registered a C&C domain before hackers detected it. Infected machines then contacted that domain, revealing the size of the Flashback botnet, which is now at about 600,000 computers.
Although not all of those systems were running Mac OS X, Kapersky estimates that about 98% were indeed Macs. The threat is now being considered “unprecedented, evident, and imminent” by security experts.
Apple has released an update last week to patch the Java vulnerability but has been taking the blame for being too slow to react. Oracle had patched the vulnerability for Windows and Linux systems seven weeks earlier.