Finally, evidence that people are starting to care about Apple computers

[bobdoering]

New Mac malware epidemic exploits weaknesses in Apple ecosystem

Looks like "overgrown cell phones that don't make calls" (iPads) have finally pushed Apple into the forefront of popularity - as illustrated here:

For Mac owners, the nightmare scenario finally arrived. A piece of malware called Flashback, which has been in existence and steadily evolving for at least seven months, has infected more than 600,000 Macs worldwide, based on forensic analysis by a Russian antivirus company.

What makes this outbreak especially chilling is that the owners of infected Macs didn’t have to fall for social engineering, give away their administrative password, or do something stupid. All they had to do was visit a web page using a Mac that had a current version of Java installed.

Java has always been a treat.

The best point:

A gain of a few percentage points in the Mac market might not seem like a lot, but in a universe with a billion Internet-connected devices, each percentage point equals a potential 10 million victims. A market with 60 million, 80 million, or even a hundred million Mac users is big enough for the bad guys.

Upcoming versions of crimeware kits will probably be cross-platform, with the capability to build and deliver Windows and OS X packages using as many vulnerabilities and social engineering tricks as possible. On every poisoned web page, visitors get sorted by OS: Windows users this way, OS X users over there. Each group gets its own custom, toxic blend. If all it takes is a tick of a check box, the gangs using these kits can jump into the Mac market literally overnight.

So now the question is when will that day come? This year? Next year?

Apparently, the time is now. Welcome to the red carpet.

 

[Marc]

To start out with, it has nothing to do with iPads and/or iPhones. It has to do with Macs running OS X with an unpatched Java exploit, and while it may install its self even if an admin password isn't given, it's obvious "Houston, there's a problem" when that requester box comes up (and it shows that even though a password hasn't been entered the trojan is being installed right in the admin password requester box).

Big headline from a small Russian company. No doubt there are compromised Macs, but doubtful 600K.

There have been Mac trojans before. The main thing it's relatively fast and easy to clean up if one does end up with a compromised Mac. No registry to have to fool around with or anything. Not to mention, it checks for virus programs and other programs like "Little Snitch" (which I've used for many years), MS Office and several other rather common programs. If any of them are found, the trojan deletes its self.

It's like Apple getting skewered over the Foxconn stuff. Big news, but no one seems to mention Foxconn makes stuff for many, many brands of electronics including, but not limited to.
Acer Inc. (Taiwan)
Amazon.com (United States)
Cisco (United States)
Dell (United States)
Hewlett-Packard (United States)
Intel (United States)
Microsoft (United States)
Motorola Mobility (United States)
Nintendo (Japan)
Nokia (Finland)[38]
Samsung Electronics (South Korea)
Sony (Japan)
Toshiba (Japan)
Vizio (United States)

Yet - Only Apple is in the news.

In the last 10 years, find any significant Mac "infection". Google it.

I've been hearing the same story for so many years ("You just wait!") as Windows machines toppled like dominos, that it get's old.

Don't take me wrong. There is *NO* OS which is bullet proof. I run too many different OSes on different computers that I know that. But this isn't what the headlines would have you believe.

As a last thought, I know a lot of people complain about Apple's "walled garden" for the iPhone and iPad (and Mac OS X is going that way). Personally, I say bring it on. The majority of computer users don't need all the stuff someone like me needs. In fact computer sales are flat. Tablets are the future for most people. That's not to say something malicious can't get through, over, or under the wall (the Apple "app" store), but they do a pretty good job of screening apps.

 

[Marc]

Update: I have been screening the web and so far there is no collaboration on the number of infected Macs. This is turning into a farce. Yes, the exploit is (Well, was - It's patched) real, but it comes down to only one company reporting *any* numbers, and so far I haven't seen even 1 report of someone actually having found it on their Mac.

Looking at their web site, the top ribbon says "Dr.WEB®" and then "20 years" below that, with no explanation of what the 20 years refers to. Then their company history page says, "December 22, 2003 - Foundation of Doctor Web, Ltd." yet the first product mentioned is version 4.30, released on August 13, 2003. There are no official company history entries earlier than 2003.

Yet below, in the footer, we get, "Doctor Web is a Russian IT-security solutions vendor. Dr.Web anti-virus software has been developed since 1992." Maybe the people behind it operated under a different name, but that certainly isn't reflected in the 'Company History Facts' page.

Going over to Company Profile we see, "Year development and marketing of Dr.Web Anti-virus began: 1992". Good luck finding any third-party corroboration of that claim. Their sole US 'partner' appears to be http://www.firelandscs.com/

So until someone other than Dr. Web® can verify these claims and figures, I'm filing this one under 'meh'.

 

[Marc]

Update: So far I have found <30 users on various web sites and Twitter claiming they were infected.

 

[bobdoering]

Your research may be right, 5% of the market still isn't enough of a target for them to bother to toy with. Thought there might have been a glimmer of relevance of the product.

 

[Marc]

Please don't get me wrong. There *are* exploits out there, but there are for every OS. "Safe" computing should be practiced by everyone. This specific case, however, appears to be being blown way out of proportion. Lots of headlines but other than that... Hard to pin anything down.

 

[Marc]

OK - I may have to "eat my hat". I still have doubts about the numbers, but it's very real.

Mac fix: Kaspersky Lab beats Apple to anti-Flashback Trojan software

BTW - Technically it's a "drive-by trojan" (you have to visit an "infected" web page), not a virus (collectively called "malware" by most people these days), which uses a java exploit for entry.

 

[Marc]

Update:

In the third update to Java that Apple has released this week, the update now identifies and removes the most common variants of the Flashback malware that has infected over half a million Apple machines. 'This Java security update removes the most common variants of the Flashback malware,' Apple wrote in the support document for the update. 'This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.'*

Go to your Mac's "Software Updates" (apple menu items on the far left) and get your update NOW! I have!

* Smart move.