Around 140,000 Macs remain infected with the Flashback Trojan.
According to a blog by Symantec, the statistics from its sinkhole are showing declining numbers each day, but not an overall clean-up. It was initially rumoured that around 600,000 Macs were infected with Flashback on 9 April; this dropped to 380,000 on 10 April after which to 225,000 on 13 April when Apple issued a software update to mend the problem.
The Symantec analysis also revealed that the Trojan was receiving updated information via Twitter about which command-and-control servers to contact for added instructions. Here is accomplished "by looking for specific hashtags generated by the [Flashback] hashtag algorithm", in step with the seller.
Research from Kaspersky Lab found that its authors depended on infecting WordPress sites in order that when unsuspecting users visited, they were silently redirected to a domain that installed Flashback via a drive-by download.
Alexander Gostev, head of Kaspersky Lab's global research and analysis team, said that from February to March, thousands of websites created at the popular publishing platform were poisoned when their webmasters were running vulnerable versions of WordPress.
Gostev said: “Approximately 85 per cent of the compromised WordPress sites can be found within the Usa.â€
Kaspersky Lab said that WordPress is an extremely popular platform for attackers to focus on as there's not a great deal it could do if people neglect to update their WordPress or plug-in software.
In late January, Websense began tracking the outbreak on WordPress, with the number of WordPress blogs that were compromised said to be gradually growing; a vulnerable version of WordPress, 3.2.1, was updated in December but was still widely in use.
Websense said that attackers were using automated scanners to locate vulnerable sites, then benefiting from input validation errors to embed IFRAMEs, which redirected users to exploited sites.
Nessun commento:
Posta un commento
Comments links could be nofollow free