Apple logo

The number of Mac computer infected by the Flashback virus has fallen by almost half a million since a tool to fix the problem was released by Apple earlier this month.

The Flashback trojan first appeared back in 2007 and but earlier this month it emerged that it had infected more than 600,000 Macs before Apple came up with some software to identify the malware and remove it last week. In a matter of days the number of infected computers has fallen to around 140,000.

Targeting Macs that have older versions of Java Runtime installed, Flashback downloads itself to a compatible Apple laptop or desktop PC, then generates a list of botnet control servers and begins checking in with them.

Despite the large decline in infected Macs in just a few days, Norton Symantec had expected the number to be lower still. "Given the number of removal tools and Apple security updates now available, it was hoped that the decline would be greater at this point.

"There remains a significant number of Mac users who haven't followed the simple and necessary steps to bring the infection numbers down to zero," the security firm told Cult of Mac.

It was previously revealed that of the 600,000 Macs infected, 274 were located in Apple's hometown of Cupertino, California.

As security expert Graham Cluley explains, once Flashback is installed on a compromised Mac it does two things: "One is a data stealing trojan that attempts to steal passwords and banking information from Safari.

"The other appears to do search engine redirection, presumably to perform advertising fraud or direct victims to further malicious content."

Cluley continues: "First and foremost Mac users need to be sure they have installed the latest security patches from Apple. Second, Mac users can no longer rely on simply updating their computers. Preventative protection is an essential defense mechanism to detect and thwart future attacks."

The news comes in the same week that the SapPub malware was discovered to infect Mac computers through a contaminated Microsoft Word document.

The malware - which goes by the full name of Backdoor.OSX.SabPub.a - connects the infected Mac to a remote website and waits for instructions; these can include executing commands or taking screenshots. A group of these infected computers, called a botnet, can be used to devastating effect by the person in control.