MELBOURNE, Australia – 11 April, 2012, The world’s largest Mac-based infection, the Flashfake botnet, has infiltrated 41,600 Australian computers, placing Aussie computers as the number four most infected by the virus in the world.
Kaspersky Lab’s experts recently analysed the Flashfake botnet and found a total of 670,000 infected computers worldwide, with more than 98 per cent of the affected computers most likely running the Mac operating system X.
“This is the largest Mac-based infection to date, with the largest number of victims coming from developed countries.” Nigel Hedges, Technical Services Manager, Kaspersky Australia and New Zealand said.
“Flashfake emphasises the need for software to be regularly updated while at the same time destroying the popular myth that the Mac OS X is invulnerable to malware.” Mr. Hedges said.
An analysis of country of origin found that The United States had the most infected computers (300,917) followed by Canada (94,625), the United Kingdom (47,109) and Australia (41.600).
Kaspersky advises that consumers running Mac OS X visit www.flashbackcheck.com, a safe website, to check to see if their computer is infected. Users simply need to enter their Universally Unique Identifier (UUID), which will be checked against Kaspersky Lab’s Flashfake database of infected computers.
If a consumer’s UUID is found in our database of infected computers, their Mac will need to be disinfected. Two remedies to remove Flashfake are:
1. Use the free utility, the Kaspersky Flashfake Removal Tool. It will automatically scan the computer’s system and remove Flashfake if it is detected. This is a free-to-download and free-to-use program
2. Download a trial version of Kaspersky Anti-Virus 2011 for Mac. This program offers comprehensive protection against all known malicious programs for Mac OS X, including Flashfake
Recent developments
Throughout the weekend Kaspersky Lab experts have seen a decline in the number of active bots for Flashfake. On 6 April the total number was 650,748 and by 8 April the number of active bots had decreased to 237,103.
However, the decrease in infected bots does not mean the botnet is rapidly shrinking. The statistics represent the number of active bots connected to Flashfake during the past few days– it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during the weekend would not be communicating with Flashfake, thus making them not appear as an infected bot.
Since connecting to the botnet for analysis, Kaspersky Lab’s sinkhole server has registered all the data sent by bots from the infected computers and recorded their UUIDs in a dedicated database. Based on this information, Kaspersky Lab’s experts have created an online resource where all users of Mac OS X can check if their computer has been infected by Flashback / Flashfake.