On 2012 Apr 09, at 11:28, Shawn King wrote: > "Doctor Web’s researchers were able to “sinkhole” part of the Flashback bonnet –hijack some of the domains used to issue commands to infected computers – and calculated the size of the botnet by counting the UUIDs (universally unique identifiers) presented by OS X to the controlling servers." Thank you, Shawn. Well, I'm still not sure I trust a statement from a Russian antivirus company named "Doctor Web". But based on my limited understanding, that explanation, although a little contorted, seems plausible, or at least it was written by someone who seems to know what they're doing. Some contortion is certainly due to translation from a Russian engineering-speak to English public-relations-speak.