Following the news that an estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan, sales of Mac security software have jumped, according to application statistics and some antivirus vendors.
"We've seen a substantial increase in both sales and downloads of trial versions of our software," said Peter James, a spokesman for French security company Intego. "Part of this is certainly due to Flashback."
Intego, which develops and sells only Mac antivirus software, is best known for its £43.39 VirusBarrier V6. A 30-day free trial of the software is also available.
James did not provide sales figures for Intego's security software, or specify the increase his company has seen since a Russian antivirus firm said more than 600,000 Macs had been infected with Flashback, many of them in a recent campaign that exploited an at-the-time-unpatched vulnerability in Oracle's Java.
Another security provider echoed James. "It would be true to say that we have seen a rise in the download rates of our free antivirus for Mac home users," said Graham Cluley, a senior technology consultant with U.K.-based Sophos. Sophos, which sells security software only to enterprises and organizations, also offers a free Mac product to consumers: Sophos Anti-Virus for Mac Home Edition.
Several other companies that sell Mac security software, including Symantec and F-Secure, did not reply to questions about their recent sales trends.
But statistics from Apple's Mac App Store, the online market that launched in January 2011, hint at a strong increase in Mac antivirus interest.
BitDefender Virus Scanner, a free app in the Mac App Store, is currently No. 16 on the top 200 list of the most popular free programs, down one spot from an earlier high of No. 15, according to AppShopper.com. BitDefender's app has been on that list for just 16 days.
Clam AV, another free antivirus program for the Mac, is at No. 14 today, down four spots from its highest point on the same list but up from No. 97 on April 2, two days before news of the Flashback infection began in earnest.
Meanwhile, Intego's VirusBarrier Plus was holding down the No. 78 spot on Wednesday, down from its peak of No. 17. The £6.99 app has been on AppShopper's top 200 list of paid apps for just one week.
Kaspersky's Virus Scanner, which also costs £6.99, is at No. 90, and reached a high of No. 73 in the seven days it's been on the list.
The spike in downloads and sales didn't surprise Stephen Baker, an analyst with the NPD Group, which tracks retail software sales in the U.S.
Although NPD doesn't have sales data on Mac antivirus software during the last week -- it takes the company longer than that to acquire and compile the numbers -- Baker said there's a strong link between security threats and sales.
"Historically, we have always seen a jump in security sales that correlate to highly publicized security issues," said Baker in an email reply to questions. "[But] the spike seems to be declining over the years as more consumers use and recognize the importance of security software."
Some Mac owners have been skeptical of the claims that Flashback has infected hundreds of thousands of machines, and have accused antivirus vendors like Dr. Web and Kaspersky -- the two Russian companies that have calculated the extent of the malware infection -- of hyping the threat to sell software.
One Sophos executive addressed those critics in a blog post today.
"For those of you inclined to let rip in the comments that I'm only discussing Mac malware, and talking up the risks, because we happen to have a free product to 'sell' you, please consider an alternative explanation," argued Paul Ducklin, who heads Sophos' Asia-Pacific technology team. "Perhaps the reason we have a free product to 'sell' is because we think there is a genuine risk?"
Flashback had infected nearly 2% of the Macs that used Dr. Web's free checking tool, and the malware's makers currently control more than 650,000 systems.
Apple, which updated Java for Mac OS X on April 3 to quash the bug Flashback has been exploiting, promised yesterday to release a free detect-and-delete tool, probably within the next week.