"This is the cause of controversial statistics," said Dr. Web.

Firms that reported a decrease in the Flashback botnet attributed the decline to the that Apple distributed April 3, the detect-and-delete tool it shipped on April 12, similar tools issued by several antivirus vendors and the intense media attention paid to the outbreak.

Dr. Web's numbers hint that all of that was in vain.

Flashback's primary attack vector has been a Java vulnerability that Oracle patched in February, but Apple fixed only seven weeks later. Apple maintains its own version of Java for Mac OS X.

The French security company Intego first spotted the Flashback variant that exploited the then-unpatched Java bug in late March.