Malware creates half a million dirty Macs


----------------

If you somehow still believed that Apple computers are immune to malware, it’s time to get real. A security researcher is reporting that more than half a million Macs have been infected with a Trojan known as Backdoor.Flashback.

According to Doctor Web, a Russian seller of anti-virus software, the Trojan works along lines that are very familiar from the PC sector. A dodgy link takes the browser to an infected website that uses JavaScript to get the infection onto the computer. At least four million webpages currently house the virus, and it appears many are using the .nu domain that is officially for sites based on the small Pacific island of Niue, but is actually often used by foreign firms for its linguistic appeal.

The Flashback name comes from the way the Trojan was originally housed within a bogus update for Adobe Flash, before the creators switched to the infected website strategy.

Once installed, the software hooks up with a control server and awaits further instructions. The control server is able to send out and run executable files on the infected machines. Doctor Web has intercepted these communications and found 550,000 separate machines have been compromised in this way, with 76 percent located in the US or Canada (see image above).

The Trojan takes advantage of several vulnerabilities in the Java feature on the latest editions of OS X, most notably a breach that means the sandbox protection on Java is compromised, allowing code to be run without the user’s express permission. Apple is urging users to update their system to Java version 1.6.0_31 via the software update option in the system preferences panel. There’s been some controversy as Java creator Oracle came up with a fix back in February, but it’s only just been made available by Apple to Mac users.
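
The patch level named above can be checked from a terminal. The script below is an added example, not code from the article, Apple or Doctor Web; its function names are made up for illustration, and it assumes the usual `java version "x.y.z_NN"` first line that `java -version` prints. The sample banners are constructed.

```shell
# Added example: is a Java runtime at or above the 1.6.0_31 update that
# the article says Apple is urging users to install?
PATCHED_VERSION="1.6.0_31"

# Pull the quoted version out of a `java -version` banner line, e.g.
#   java version "1.6.0_29"  ->  1.6.0_29
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed (exit 0) if version $1 >= version $2. Fields are compared as
# numbers (major.minor.patch_update); comparing them as strings would
# rank update 9 above update 31.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        sub(/[^0-9._].*$/, "", have)   # drop build suffixes such as -b04
        sub(/[^0-9._].*$/, "", want)
        nh = split(have, h, /[._]/)
        nw = split(want, w, /[._]/)
        n = (nh > nw) ? nh : nw
        for (i = 1; i <= n; i++) {
            a = h[i] + 0; b = w[i] + 0   # a missing field counts as 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# Classify one banner line: prints PATCHED, OUTDATED or UNKNOWN.
check_banner() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo UNKNOWN; return 0; }
    if version_at_least "$ver" "$PATCHED_VERSION"; then echo PATCHED; else echo OUTDATED; fi
}

# Constructed sample banners (not captured from real machines).
for b in 'java version "1.6.0_29"' 'java version "1.6.0_31"'; do
    echo "$b -> $(check_banner "$b")"
done

# Live check; `java -version` writes its banner to stderr.
if command -v java >/dev/null 2>&1; then
    echo "local Java: $(check_banner "$(java -version 2>&1 | head -n 1)")"
fi
```

This reports patch level only; it says nothing about whether a machine is already infected.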

The good news is that so far it doesn’t appear the creators have been able to capitalize on the network of infected machines.

The incident should serve as a reminder that although Macs have a better security record, this is a combination of a smaller target audience and less user control to be exploited, rather than Apple computers being magically immune. That brings into question some Apple adverts that, while not specifically claiming Macs can’t be hit by viruses, have been perhaps over-dismissive of the potential risks.





13 Responses to Malware creates half a million dirty Macs

  1. Why is this newsworthy (even if highly inaccurate)? Because viruses/trojans/malware are so _rare_ on Macs that anything makes headlines. Do you see articles screaming about the thousands of viruses that plague Windows? No, because they are as common as pollen, and when was the last time you saw a fear-inducing headline about pollen?

    Truth is, this malware is so lame it's not even on 50,000 computers, much less 600,000. In a follow-up a _reputable_ security firm did a spot check on 4,000 computers it maintained and didn't find a single case of backdoor.flashback.

    Sorry, Apple-haters, you're going to have to do better than this.

    • You don't see the newsworthiness of the masses of OSX users infected who believe they are somehow impervious to reality? That the magic Apple distortion field is not hack proof? That's news.

      Where's the link to "a_reputable_security" firm's spot check?

      An ironic twist for one of the variants of the trojan is that Microsoft apps will cause the trojan to delete itself (and not deliver its payload):

      From http://www.f-secure.com/v-descs/trojan-downloader

      In cases where the user did not input their administrator password, the malware checks if the following path exists in the system:

      /Applications/Microsoft Word.app
      /Applications/Microsoft Office 2008
      /Applications/Microsoft Office 2011
      /Applications/Skype.app

      If any of these are found, the malware again skips the rest of its routine and proceeds to delete itself, presumably to avoid infecting a system that has an incompatible application installed.

    • You don't even have to try to debunk the myth that malware is rare for Macs. It's quite common. The only reason why you don't know about it is because most users don't have an antivirus installed due to the HUGE misconception created by Apple that Macs don't get viruses, worms, or malware.

      • Some people still think the people authoring trojans and worms are elite cool kids sitting around ready to take out the establishment and that they wouldn't dare touch Apple.

        Which, of course, isn't the case. Even if they were a bunch of hipster programmers, Apple is as much an evil corporation as the rest and I doubt the criminals writing this code see a difference from one American corp to the next.

      • Malware has always been a problem with Macs, just that their user base is kinda "naive".

        Mac OS X is quickly becoming a harbinger of the plague.

        Good OS… just needs to become real to the fact that if it can be made it can be broken.

    • Major trojans and viruses are generally newsworthy. Hate to break it to you. Just because it's trouncing on your widdle Apple that doesn't mean it's not newsworthy.

    • Why is it that every time a tech blog posts a story telling the users that Macs aren't immune to viruses and should be on the lookout, some defensive fanboy comes out trying to reassure himself of how secure Macs are and accuses the writer of being an Apple-hater?

      Truth is, it's a GOOD thing to be aware of major security threats, especially when that threat is on an operating system that so many people claim is nigh impregnable. Just accept that your Operating System of choice is not perfect and stop trying to reassure everyone that they don't have to worry about security when they obviously do.

      I don't mean to sound rude, but come on!

    • Sorry Apple-lover. Macs generally are much more hack-prone than PCs. The only reason that there are so few Mac malwares/viruses/trojans etc is that until recently there were a few Macs around and it wasn't worth the effort to build an attack for a Mac. Now the numbers are going up you will see more and more occurrences of this phenomenon. FYI a Win 7 machine is much more secure than the equivalent Lion machine. The arrogance Mac users have regarding their fictitious superiority over other OS's will cost them dearly in the near future from a barrage of Mac-targeted malware.

  2. Ok… and how do you know if I am infected, if I don't find free antiviruses, like avira???
    And how do I know if I was infected with this one mentioned here?

    • That little bit of info seems to be noticeably absent from this story. Normally stories about viruses and malware and whatnot tell you what to look for … there's no indication here on how to find out whether your computer is infected. It does make me a little skeptical of the story as a whole.