Infection rates of the Flashback malware that was on over 650,000 Macs at the beginning of April have been in steep decline, according to the organization that discovered the malware in the first place. What’s more, thanks to the proliferation of detection and removal tools (including Apple’s), the rate of new infections has dropped almost to nothing.
Still, Flashback is not quite dead yet – it’s only mostly dead. Boris Sharov, head of Dr. Web, the Russian security firm that originally discovered the Flashback malware back in April, told Forbes that “[i]t’s going very slowly, and there’s still a ways to go.” Nevertheless, he said, new infection rates are almost nonexistent and the number of infected computers – still around 460,000 – is dwindling by about 100,000 per week. At that rate, Sharov said, “I think in a month it will be over.”
Sharov said that the process of cleaning up infected computers is going far more slowly than it would have if Flashback had been infecting Windows-based computers, rather than Macs. Sharov blames Mac users’ tendency to view their computers as immune to threats posed by malware. Unfortunately, Apple itself has tended to encourage that view over the years. For example, the Mac’s supposed immunity to viruses was the subject of one of their famous “I’m a Mac” commercials back in 2007.
It is true that Macs have had far fewer problems with viruses and malware over the years, and it is true that the underlying structure of OS X is somewhat more secure than Windows. Nevertheless, part of the Mac’s supposed immunity is a result of its smaller market share: there are far more Windows computers than Macs, and creating malware for Macs has been far less cost-effective than creating it for PCs.
The Flashback malware has had a huge impact on the Mac security landscape. For one, Flashback is one of the first Mac-targeted malware programs that doesn’t require user interaction to download and install. It gets in through a (now patched) flaw in Java that allows it to install on a user’s computer if they so much as visit an infected website. Additionally, Flashback appears to have been quite profitable. As we reported yesterday, at its height Flashback was netting its creators around $10,000 per day.
If other malware creators learn to duplicate Flashback’s success, it’s a safe bet that the era of the virus-free Mac is drawing to a close. While viruses may never be the kind of problem on Macs that they are on PCs, Mac users can’t afford to ignore malware completely anymore.