The number of Macs infected by the Flashback malware has fallen by more than half, from between 550,000 and 600,000 computers last week to 270,000 in the last 24 hours, Symantec said Wednesday.
It could be that word about the malware and available fixes spread more quickly in recent days than the malware itself -- which can be used by criminals to steal personal information, including passwords. On April 6, Flashback was estimated to have infected as many as 600,000 Macs, Symantec said:
"This figure has decreased significantly since then and from our sinkhole data, we have estimated that the number of computers infected with this threat in the last 24 hours is in the region of 270,000, down from 380,000. We will keep a close eye on the amount of these infections over the coming weeks."
Security software maker Intego said that, as of last Thursday, "all of the servers that were providing the Flashback malware seem to be off-line; this is likely due to the activities of the many security companies that have worked on exposing this malware and the servers it uses. However, the command and control servers are still active, so those Macs that are infected are still vulnerable to data theft and more."
Some have criticized Apple for not getting a malware fix out sooner; Flashback has been around since late last year. "It has come a long way from its humble beginnings as a social-engineering scam trying to pass off as a fake Flash update using digital certificates purporting to come from Apple," said Symantec.
Last week, Apple issued security patches to address Flashback. Mac users can get Apple's patch by clicking on Software Update in the Apple menu, or do a manual security update from Apple's website.
Sophos Security's Paul Ducklin gave Apple credit and a "huzzah!" for breaking its pattern of saying little or nothing about malware by releasing an Apple Knowledge Base article April 10 in which it "apparently for the very first time - talked about a security problem before it had all its threat response ducks in a row," Ducklin wrote on Sophos' blog. Apple said in addition to offering a security patch, it is "developing software that will detect and remove the Flashback malware."
Meanwhile, on Wednesday, security firm F-Secure released a free tool that can detect and remove Flashback if you don't want to wait for Apple's.
Symantec also released charts showing where Flashback is most prevalent -- the U.S., Canada and United Kingdom lead that chart -- and the IP addresses that are being used to spread Flashback. Both charts are below.