April 23, 2012, 11:39 AM — The number of Macs infected by the Trojan that created the Flashback botnet has not been dropping nearly as much as anti-virus vendor Symantec claimed last week, according to the Russian security company that first discovered the botnet.
On Aug. 11 Symantec announced the number of Macs infected with the Flashback malware had dropped from more than 600,000 to about 270,000 following Apple's release of a patch to plug the Java hole exploited by the malware.
During the following week, it announced further slimming of the botnet to about 140,000 machines, compared to a high of 670,000 on April 8.
Other anti-virus and security companies counted the victims far differently, however.
Kaspersky Software's count dropped as far as 45,000 active infections, for example.
On the other hand, Russian security company Dr. Web – which published the first warnings of the malware April 4 – announced earlier today it counts 650,000 Macs with the Flashback virus still active, a drop of only 23,000 from the peak it counted earlier.
The difference in numbers comes from the methods Symantec and Dr. Web use to count infections.
Symantec counts using a sinkhole – servers set up to look like one of the 70 command & control servers the Flashback Trojan polls periodically for instructions.
Dr. Web does the same, but claims to have found an entirely separate pool of infected Macs by tracing secondary communications between bots and C&C servers.