Flashback trojan shows Macs do get viruses

April 9, 2012

For years, Mac users have been able to believe that they are safer than the average computer user and turned their noses up at antivirus software. But as Apple’s market share has grown, so has the threat to Mac users’ security.

Last week, a Russian-based security company called Dr. Web reported that up to 600,000 Macs appeared to be part of a growing botnet, mostly in the United States and in Canada. Security researchers are referring to the virus as Flashback.

Mike Geide, a senior security researcher at ZScaler, said that while he can’t confirm Dr. Web’s numbers, the conditions sound right for a malware problem of that scale. The virus should be a wake-up call to those who still think that their Mac is invulnerable to attacks like this, he said.

“The main part of the story is that Mac is not impenetrable to threats — threats exist,” he said.

Geide said that Macs were particularly affected in this attack because of a vulnerability in the Apple version of Java — the company stopped using Oracle’s releases of Java a couple of years ago, and supports its own versions. Yet while Oracle had patched the problem with Java that caused this problem months ago, Apple had yet to address the problem until April 3, when it issued a patch for the vulnerability. It then released a second patch on April 5.

“Oracle had patched this but Apple didn’t patch it until very recently,” he said. “Exploits were seen in the wild since around early to mid-March. That has been a full month of lead time to do bad stuff.”

Several experts have said that this appears to be one of the largest-ever attacks on Macs.

To improve Mac security in the future, Geide recommends that users keep updated versions of Java as they come and automate their computers to check for security updates regularly.

He also recommended that users who have yet to do so bite the bullet and install some kind of antivirus software on their Mac, which should also clean up any machine that’s been infected. If you want to check if you’ve been infected without downloading anti-virus software, the security firm F-Secure has instructions for a good , if technical, way to do so.

There are, of course, also some practices that users can use to minimize the likelihood of infection. For one, don’t click on links in e-mails that you’re not absolutely sure have come from someone you trust. The same goes for opening attachments. If a URL looks suspect, don’t click on it no matter how “hilarious” a video is said to be. Don’t believe promises from ads that sound too good to be true and don’t agree to download any software that you didn’t specifically set out to find.

Finally, any time you’re putting personal, particularly financial, information into a form online, make sure that you see an “https” at the start of the Web address. If you don’t see it, there’s a chance you’ve been redirected to a fake site, particularly if the signal that you’re on a secure server has been there before. Try typing in the address of the Web site you want again — don’t hit refresh — or try an alternate method of getting what you want done.

Related stories:

VentureBeat: Alarmed about botnet trojan, Apple releases update for Macs

Apple releases MacDefender update

Apple Mac Computers Hit in Hacker Attack, Researcher Says

Hayley Tsukayama covers consumer technology for The Washington Post.
Comments
Show Comments
Most Read Business