It wasn’t that long ago when the Flashback Trojan infected over 600,000 Macs, and even now there are at least 22,000 infected devices out there, researchers said.
Researchers found 14,248 unique identifiers of the latest version of the threat designed to allow attackers to steal information from infected devices, said officials at security firm Intego.
Apple has taken some steps to disrupt the Flashback botnet, including the release of a malware removal tool and the shutdown of the domains utilized by the malware.
Intego owns some of the command and control (C&C) servers used by the Trojan. The security firm said it spotted connections from infected devices trying to contact the sinkhole servers.
As most security professionals will say, you might harness a botnet, but you can never say for sure it is gone. For the time being, Apple and security outfits are closely monitoring the servers so it’s difficult to revive the botnet. However, experts said the malware author could buy the C&C domain names in the future.
Furthermore, if at one point no one is supervising them, the domains could fall into the hands of other cybercriminals.