Apple has already issued a patch for the Java vulnerability that affected more than 600,000 OS X users earlier this month, but according to Symantec, there's still plenty of work to be done. According to the security software manufacturer, around 140,000 Macs are still infected with the Flashback trojan (OSX.Flashback.K), which exploits a vulnerability in Java 1.6.0_29. Statistics from Symantec's sinkhole (a mock control and command network) show that infections are declining "on a daily basis," but the firm says it expected these numbers to drop more drastically than they have — especially since Apple released a dedicated removal tool just a few days ago.
The good news, of course, is that these numbers are indeed on the decline, and Symantec projects that less than 99,000 machines will be infected by the end of today. There's no clear explanation for why it's taken so long for these remaining devices to be cleaned out, nor is there any clear correlation between Apple's actions and Symantec's statistics.
Apple issued its patch on April 3rd, but according to Symantec, it wasn't until April 9th that infections began to decline, when Kaspersky released its own removal tool. It appears that Cupertino did chip away at the problem on April 12th, however, when it released its Flashback remover and saw infections drop down to around 200,000. Causality aside, if you suspect your Mac may still be carrying this malware, Symantec recommends installing Apple's latest patches and updating your antivirus software.