I’ve heard some comments on forums which suggest that Flashback isn’t that important or successful because it’s “only” infected around 1% of the Mac installed base – around 500,000 machines, from about 50 million. Unfortunately, this displays the kind of ignorance about malware and its prevalence that I’ve often found among Mac users.
To recap on Flashback: it’s a Java-based exploit, so you need to have Java installed to be vulnerable. It’s a “drive-by” exploit, which means you can be infected simply from visiting a website, no user intervention required. It goes on to ask for your admin password, but this is not required for a successful infection of your account – the admin password simply allows it to infect other accounts on the machine. It communicates back to command and control servers elsewhere – at the moment, this is simply to harvest user names and passwords from Safari, but it could also install further malicious code packages (as botnets often do). If you want to know more, I’d suggest you read Rich Mogull’s excellent Macworld article.
Viewed in comparison to most Windows malware, Flashback is very successful. For comparison, Conficker, which you’ll have probably heard of, infected around 10m Windows machines – which is a big number, but amounts to less than 1% of the installed base of 1.25 billion PCs worldwide.
In terms of the percentage of a platform’s installed base infected, Flashback is the second or third most successful botnet in history. Only BredoLab’s 30m machines (2.2% of the Windows installed base) beat it, and it’s around the same level as Mariposa. Mariposa was regarded as such a significant threat that a group of companies banded together to try and take it down, leading to a battle between them and the group responsible for the infection which temporarily knocked out a big chunk of Canadian internet access. That’s pretty big, and pretty scary stuff.
So basically, Flashback is to Mac users what Mariposa was to Windows users. Really, if you’re thinking that 1% of a platform is a low number, you should learn more about the real-world malware scene. It might protect you in the future.