As of yesterday, security company Symantec released a statement claiming there were still 140,000 Macs infected by the recent Flashback malware outbreak, which originally infected an estimated 600,000 Mac users. That was despite Apple issuing a Java security update to remove the malware. Today, security researchers from Kaspersky said during a press conference (via Ars Technica) that they estimated infections had dropped to 30,000, while still warning that more “mass-malware” on OS X is on the way:
“Market share brings attacker motivation… Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”
Kaspersky also clarified that many of the Flashback infections were spread through trusted WordPress websites that had been hijacked, rather than through malicious downloaded files as many assume. Ars explained:
It’s worth noting that Kaspersky says the latest Flashback infection was spread via hijacked WordPress sites thanks to a vulnerability in the blog software. This means that trusted blogs visited by Mac users could have been used to spread the infection, debunking the myth that infections only happen by visiting shady websites or opening unidentified files.
As for who is behind the recent Flashback infection, Kaspersky does not know. In an article examining the link between Apple’s growing market share and increasing malware on the platform, Lab Expert Kurt Baumgartner speculated “eastern euro-cybercrime” is probably a good bet:
At this point, we still don’t know who is behind Flashfake, so we don’t know for sure that they were the same Mac OS X FakeAv/Rogueware group. Speculating that eastern euro-cybercrime is behind the botnet would be a pretty confident way to go right now. There are known groups from the region that have succeeded at wringing ad revenues from traffic hijacking. We don’t believe that other sensitive data has been targeted. And the exploit distribution URLs that we are aware of have only targeted mac users. These factors limit the operational and technical needs of a financially motivated cybercrime gang.
Not surprisingly, Kaspersky is recommending security software as a necessity for Mac users going forward. The security firm did note that the introduction of Apple’s new Gatekeeper utility in Mountain Lion this summer, which allows tighter control over the sources of downloaded content, would provide added security to users. Apple has not responded to Kaspersky’s statements.