|
Report from Russian security and anti-virus firm Dr. Web claims that over 550,000 Macs worldwide are infected with malware, using it as part of a bot net and potentially allowing individuals to gain acccess to the computer. Looks like Mac will have to finally give up their absurd claim that viruses and malware don't affect their devices.
From the BBC:
More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.
Its report claims that about 600,000 Macs have installed the malware - potentially allowing them to be hijacked and used as a "botnet". ... Dr Web said that once the Trojan was installed it sent a message to the intruder's control server with a unique ID to identify the infected machine.
"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC. ... Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters. .... Java's developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.
Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.
source: http://www.bbc.co.uk/news/science-environment-17623422
From the report by the Russian Anti-virus company:
Doctor Web exposes 550 000 strong Mac botnet April 4, 2012
Doctor Web—the Russian anti-virus vendor—conducted a research to determine the scale of spreading of Trojan BackDoor.Flashback that infects computers running Mac OS X. Now BackDoor.Flashback botnet encompasses more than 550 000 infected machines, most of which are located in the United States and Canada. This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.
Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code. ... The exploit saves an executable file onto the hard drive of the infected Mac machine. The file is used to download malicious payload from a remote server and to launch it. Doctor Web found two versions of the Trojan horse: attackers started using a modified version of BackDoor.Flashback.39 around April 1. Similarly to the older versions, the launched malware first searches the hard drive for the following components:
source: http://news.drweb.com/show/?i=2341&lng=en&c=14
The virus is actually a few months old, having been first discovered back in September. But apparently the individuals behind it have in the last few months started using fake websites and malicious website ads to exploit the Java plugin to install the malware. It's about time the software world woke up and realized what an unsecure mess Java is, it's been used to install viruses quite easily on PCs for years but now it's being exploited for use with Macs too, wonderful.
Since this hack can potentially allow outside individuals access to your personal data, mac users would be well advised to take action. Apple does have a patch that fixes the loophole, but you have to actually go install it. More critically, as the bolded section shows, Java actually released a fix weeks ago that stops websites from being able to install the code on your device. Apparently Apple knew about the vulnerability, had the update, but refused to push it out to users for another 8 weeks.
Instructions on figuring out whether your mac has been infected and how to fix it can be found here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
editorializing: But at least now anytime a mac users claims they can't get viruses, you can tell them they are completely full of nonsense. And Apple's delay in releasing the Java patch makes me wonder just how seriously they take security.
|
I am glad that finally this absolutely ridiculous claim by Apple that their computers don't get viruses has been publicly debunked. There have been other viruses but usually they get zero attention. I hate that so-called reason to get a Mac, and hate it when people rub it in my face.
But personal prejudices aside.
I wonder why Apple waited so long to release this patch? Were they hoping that the Java patch would fix it quietly or what?
|
On April 07 2012 04:39 CyDe wrote: I wonder why Apple waited so long to release this patch? Were they hoping that the Java patch would fix it quietly or what?
Well my understanding is Apple has to approve and push out all updates to Java for their devices. Oracle released the fix for Java in early February. But because Apple has control over all the updates for their devices, Mac users didn't get access to the Java fix for another 8 weeks while Apple sat on it.
Not the right approach to dealing with malware that could steal personal information. Even if it's risking breaking apps, you take the risk and release critical security updates like that ASAP.
|
It is always a cause of particular satisfaction, when a pretentious and arrogant ego-identity of people/some of my friends gets shoved up theirs. "we're so much better than you because of X" ~ well, suck it Circle-jerks aren't that fun once someone turns the lights on!
|
I wouldn't say that Java is an "unsecure mess". Yes, there are exploits, but as long as you either steer clear of suspicious websites, or have NoScript running when you do visit them, you are absolutely fine.
Wait, Mac does have a NoScript equivalent right?
|
Finally, now Apple can't claim they never get viruses.
|
On April 07 2012 04:53 Millitron wrote: I wouldn't say that Java is an "unsecure mess". Yes, there are exploits, but as long as you either steer clear of suspicious websites, or have NoScript running when you do visit them, you are absolutely fine.
Wait, Mac does have a NoScript equivalent right? They do, at least, I have it on my macbook.
I never thought that the claim that macs get no viruses held any water to begin with, and this just confirms that for me.
|
The only reason MAC didn't get hit by the virsus-storms yet, is that the majority didn't use MAC. A developer of a virus ultimately wants to create as much damage or trouble as possible, so why would you write a virus for MAC when you can try to hit Windows. -_-
|
On April 07 2012 04:53 Millitron wrote: I wouldn't say that Java is an "unsecure mess". Yes, there are exploits, but as long as you either steer clear of suspicious websites, or have NoScript running when you do visit them, you are absolutely fine.
Wait, Mac does have a NoScript equivalent right?
By default the Java plugin allows any website to automatically download files to your user directory and execute them, all without your knowledge. Yeah, that's a bit of a problem.
-edit:
On April 07 2012 04:56 Type|NarutO wrote: The only reason MAC didn't get hit by the virsus-storms yet, is that the majority didn't use MAC. A developer of a virus ultimately wants to create as much damage or trouble as possible, so why would you write a virus for MAC when you can try to hit Windows. -_-
Yes and no.
Mac is built on a unix platform that give it certain advantages in terms of security (can't fuck the entire OS install by changing one reg key for example). But Apple also really locks down what users can modify whicht also gives a bit of an advantage.
But, you are correct, as Mac continues to increase market share I think we will for sure
|
On April 07 2012 04:56 Type|NarutO wrote: The only reason MAC didn't get hit by the virsus-storms yet, is that the majority didn't use MAC. A developer of a virus ultimately wants to create as much damage or trouble as possible, so why would you write a virus for MAC when you can try to hit Windows. -_-
this. Thanks for the heads up OP. I'll make sure to be extra careful from now on
|
On April 07 2012 05:02 KaBoom300 wrote:Show nested quote +On April 07 2012 04:56 Type|NarutO wrote: The only reason MAC didn't get hit by the virsus-storms yet, is that the majority didn't use MAC. A developer of a virus ultimately wants to create as much damage or trouble as possible, so why would you write a virus for MAC when you can try to hit Windows. -_- this. Thanks for the heads up OP. I'll make sure to be extra careful from now on
Make sure you run Mac's Software Updater to get the patch, otherwise it may not matter how careful you are.
Info on the update in question: http://support.apple.com/kb/HT5228
|
On April 07 2012 04:56 TheToast wrote:Show nested quote +On April 07 2012 04:53 Millitron wrote: I wouldn't say that Java is an "unsecure mess". Yes, there are exploits, but as long as you either steer clear of suspicious websites, or have NoScript running when you do visit them, you are absolutely fine.
Wait, Mac does have a NoScript equivalent right? By default the Java plugin allows any website to automatically download files to your user directory and execute them, all without your knowledge. Yeah, that's a bit of a problem. -edit: Show nested quote +On April 07 2012 04:56 Type|NarutO wrote: The only reason MAC didn't get hit by the virsus-storms yet, is that the majority didn't use MAC. A developer of a virus ultimately wants to create as much damage or trouble as possible, so why would you write a virus for MAC when you can try to hit Windows. -_- Yes and no. Mac is built on a unix platform that give it certain advantages in terms of security (can't fuck the entire OS install by changing one reg key for example). But Apple also really locks down what users can modify whicht also gives a bit of an advantage. But, you are correct, as Mac continues to increase market share I think we will for sure But like I said, NoScript protects you from all that. I wouldn't want my computer to be impervious to everything without any effort for two reasons.
First, the more security features it has, the more often it will prevent something benign from running. I'm sure we've all had problems getting a multiplayer game to run across a firewall.
Second, if all your security worries are taken care of for you, you get really complacent. You let your guard down, and stop avoiding those malicious sites. Eventually, because you aren't protecting yourself, one of them will hit you, and hard.
|
And my family friends wanted me to get a Mac. Guess their want of attention has finally attracted the virus makers. @ LoLAdriankat,thanks for clarifying
|
Trojans technically aren't viruses. Viruses replicate themselves and spread to multiple computers, this looks to be a trojan horse. So no, Macs still don't get viruses, but that isn't to say they can't get viruses. After this, I think there will be many more to come.
|
On April 07 2012 05:13 LoLAdriankat wrote: Trojans technically aren't viruses. Viruses replicate themselves and spread to multiple computers, this looks to be a trojan horse. So no, Macs still don't get viruses, but that isn't to say they can't get viruses. After this, I think there will be many more to come.
That's really splitting hairs.
But I would also point out that if the Macs in question are part of a botnet, they are being used to send out spam and more malware, so in a sense it is like a virus.
Also the title of the thread clearly says malware and not virus. However I should point out if there's a backdoor on the computer that lets an intruder install all sorts of scripts, they could easily place a virus on the machine; so this is really a rediculous assertion.
|
On April 07 2012 05:09 Reaper9 wrote: And my family friends wanted me to get a Mac. Guess their want of attention has finally attracted the virus makers. @ LoLAdriankat,thanks for clarifying
i definitely find it funny how knee-jerk a lot of these responses are.
person 1: "woah mac got ONE trojan. obviously can't buy a system that can be easily compromised."
person 2: "windows gets trojans all the time."
person 1: "yeah but you just have to protect yourself and buy security software. no big deal."
person 2: -.-
|
Being a windows/android person I'm almost happy this happened. I'm not happy for the people - but for the attention this will create and clarify for people claiming Maxs are immune and virusfree
|
On April 07 2012 05:34 TheDraken wrote:Show nested quote +On April 07 2012 05:09 Reaper9 wrote: And my family friends wanted me to get a Mac. Guess their want of attention has finally attracted the virus makers. @ LoLAdriankat,thanks for clarifying i definitely find it funny how knee-jerk a lot of these responses are. person 1: "woah mac got ONE trojan. obviously can't buy a system that can be easily compromised." person 2: "windows gets trojans all the time." person 1: "yeah but you just have to protect yourself and buy security software. no big deal." person 2: -.-
I think the real issue here is the 8 week Apple sat on this and did nothing. That's not the way a responsible company responds to security issues. Even Microsoft releases updates faster than that.
Also, Apple is constantly touting that one of the things that makes their OS better than Windows is the lack of viruses and malware and this disproves them big time. Also every PC user has had to at one point deal with the snobby hipster Mac user who love to rub the "security" of OSX in their faces.
|
On April 07 2012 05:34 TheDraken wrote:Show nested quote +On April 07 2012 05:09 Reaper9 wrote: And my family friends wanted me to get a Mac. Guess their want of attention has finally attracted the virus makers. @ LoLAdriankat,thanks for clarifying i definitely find it funny how knee-jerk a lot of these responses are. person 1: "woah mac got ONE trojan. obviously can't buy a system that can be easily compromised." person 2: "windows gets trojans all the time." person 1: "yeah but you just have to protect yourself and buy security software. no big deal." person 2: -.-
It's not so knee jerk when they literally say my computer is a piece of junk. My cousins too. Fine, I get your hardware is superior to mine, but I weighed the cost and benefits of getting a Mac, and I still want to stick with windows. If they kept chanting it like a mantra in your ear every time the topic of computers was mentioned, I'm sure you'd get extremely annoyed too. One of their main arguements was "it can't get malware or viruses."
|
On April 07 2012 05:40 Reaper9 wrote:Show nested quote +On April 07 2012 05:34 TheDraken wrote:On April 07 2012 05:09 Reaper9 wrote: And my family friends wanted me to get a Mac. Guess their want of attention has finally attracted the virus makers. @ LoLAdriankat,thanks for clarifying i definitely find it funny how knee-jerk a lot of these responses are. person 1: "woah mac got ONE trojan. obviously can't buy a system that can be easily compromised." person 2: "windows gets trojans all the time." person 1: "yeah but you just have to protect yourself and buy security software. no big deal." person 2: -.- It's not so knee jerk when they literally say my computer is a piece of junk. My cousins too. Fine, I get your hardware is superior to mine, but I weighed the cost and benefits of getting a Mac, and I still want to stick with windows. Dunno what you're talking about. PC hardware will always be superior to Mac hardware if you're just analyzing cost. It's the interface/brand name of Mac that's adding a significant premium (you get superior hardware for a PC because you aren't paying the premium and there's a lot more competition between part makers for PCs)
If they kept chanting it like a mantra in your ear every time the topic of computers was mentioned, I'm sure you'd get extremely annoyed too. One of their main arguements was "it can't get malware or viruses." It's always been wrong. All you gotta do is dig up a few cases of it and just keep turning the tables on them every time they try to bring it up.
|
|
|
|