Malicious software infecting more Androids, and even Apple finds it’s not immune
By Joshua Topolsky,
About two weeks ago, something shocking happened. Apple’s OS X, which has long been thought of as nearly impervious to malware or viruses, was hit with a big, nasty piece of malicious software called Flashback.
The Trojan horse — that’s what these kinds of viruses are called — takes advantage of a vulnerability in Java (a component of the operating system), and then insinuates itself in your system. After the software is inside your Mac, it will gather user names, passwords and other sensitive information from your browser and send that info to command-and-control servers. You know, where the people who got the virus onto your computer in the first place can take advantage of it.
And yes, that’s when the real fun begins.
As of last week, a reported 600,000 computers were infected with the malware (which is only about 1 percent of the total user base), though security software companies and Apple itself have moved quickly to plug the hole as well as get the offending software eradicated from your system. In fact, recent numbers show that the amount of infected machines is dropping dramatically thanks to a speedy address of the problem.
But it shows one thing — even Apple isn’t immune from attacks, and the more popular the brand becomes, the more we’ll have to worry about infected Macs.
Elsewhere in the world, Android is dealing with its own security issues. This week, security software kingpin Symantec identified and aided Google in removing 29 pieces of software from the Google Play app store that were found to be malicious in some way. And those are just the ones they found this week. Earlier reports have made clear that Android phones are particularly open to malware, spoofed apps or otherwise untoward software thanks to Google’s “open” policy about what makes it into its marketplace.
In short, Google doesn’t have the gatekeepers that Apple has, and that can be a plus as well as a minus.
There are some scary numbers out there that suggest this is a rising trend. According to one report, sightings of malware on Android rose 472 percent in the past year, making users 3 percent more likely to see problems on their device. That doesn’t sound like a big jump, but the numbers matter when you’re dealing with an ever-growing user base. A report from the firm Lookout says that during 2011, more than $1 million was stolen from Android users thanks to malicious software on their devices.
Still, it might not be as life-threatening as it all sounds. Some software makers who have a hand in crafting security applications have a vested interest in sparking fear (and then purchases), so some of their numbers may veer to the extreme when the actual threat is somewhat smaller. For instance, Symantec identified one piece of nasty software for Android and said it had been installed on about 70,000 phones but said it could be on as many as 300,000 devices. That’s a pretty big disparity that’s based mostly on speculation.
When it comes to security, however, one thing is clear: This isn’t just a PC problem anymore. In fact, Microsoft has been at it so long and so hard that Windows machines that are regularly updated are actually faring better these days in the face of malware attacks.
And that gets to the crux of the issue — if you want to keep this stuff off of your PC, or Mac (or phone, or tablet) — you need to stay smart. You can’t always ward off an attack, but getting educated about what’s out there can go a long way to keeping your system clean and your data safe.
If you’re really worried about this, you can start by using common sense. Seriously, it works, even on the Internet.
For starters, if a site starts throwing up tons of pop-ups and requests for software downloads or personal information, back away slowly. Your gut can tell you when something is wrong, and any site that feels intrusive probably isn’t a place you should be hanging.
Secondly, don’t ever give out user names or passwords — not in e-mail and not on any site that you don’t completely trust and know. Don’t install software without reading reviews and knowing the source it comes from, and if you see some weird alert to install something on your system and you don’t know where it came from, please, please don’t just hit “OK.”
In the long run, we’re never going to stamp out viruses or malware, but we can make some big inroads on eliminating dumb things that humans do. So keep your eyes and ears open, don’t share information, and for heaven’s sake don’t open the e-mail with the subject line “ILOVEYOU.” Well, not unless you’re really a glutton for punishment.
Related coverage: Apple releases malware detection tool Flashback trojan shows Macs do get viruses Macs hit in hacker attack