Flashback Trojan Hits 600,000 Macs and Counting

twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."

  • by danbuter ( 2019760 ) on Thursday April 05, 2012 @09:28AM (#39583871)
    It's only been a matter of time. Many people think that since the common knowledge is that Macs don't get viruses, they are immune to everything else (including trojans). Only the computer nerds differentiate between viruses, trojans, and malware you get by clicking on something on the internet.
  • by Johnny Mister ( 2610721 ) on Thursday April 05, 2012 @09:37AM (#39583963)
    The funny thing is that Linux users still seem to be under this belief about their OS. The truth is that every OS gets malware, it's just about the market share.
  • by apcullen ( 2504324 ) on Thursday April 05, 2012 @09:55AM (#39584171)
    Excellent post.

    However, I have to disagree with you on one point:

    The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous.

    I don't think it's blown out of proportion, and, rather than being ridiculous, I think it's essential. Mac users generally share a belief that their computer "just works" and that they don't have to be concerned with-- or even aware of-- security. For the good of the community, that should be corrected.

  • by Sponge Bath ( 413667 ) on Thursday April 05, 2012 @09:59AM (#39584233)

    This just offended or confused 90% of the MAC users

    If you think 90% of Windows users are any less confused by the "Command Prompt", you have not had to give them technical support.

  • by FlyingGuy ( 989135 ) <.flyingguy. .at. .gmail.com.> on Thursday April 05, 2012 @10:03AM (#39584277)

    This is the problem with the web. When the first DBI ( Drive By Infection ) happened the code that allowed this sort of thing to happen was not ripped out "with extreme prejudice" and in an old /. post I asked why and there was damn little in the way of a response.

    So I ask once again, why has this not been fixed? Why are there so god damn many ways to do this and how come that ability has not been removed?

    It seems to me that in the insanity of trying to make the browser everything instead of a piece of software that renders text, there is nothing but vulnerability after vulnerability and I really don't see any end in sight since in trying to make the browser do everything it needs more and more access to the core functions of the OS it is running on. How can this not lead to more and more attack vectors?

  • by tripleevenfall ( 1990004 ) on Thursday April 05, 2012 @10:09AM (#39584365)

    To be fair this is a Java exploit, and it's already been closed by Apple.

    The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.

    Aside from this, the general public does not seem vulnerable:

    Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.

    The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pirate Bay and contains the DevilRobber Trojan, Sophos researchers reported on 29 October. Once on the Mac OS X, DevilRobber creates a backdoor for remote access and installs a Bitcoin miner that uses up spare system resources and steals the content of the user’s Bitcoin wallet, according to Sophos.

  • by monkeyhybrid ( 1677192 ) on Thursday April 05, 2012 @10:11AM (#39584387)

    Market share has something to do with it, as does a pretty good track record of security, but the type of users that use Linux is also a significant reason that we don't see widespread malware affecting desktop Linux. Your typical Linux user is generally more nerdy, computer literate and security conscious.

    If you did a survey of how many users clicked on pop-up banners, opened PDFs from spam email, granted permission to untrusted Java applets, etc, I bet the percentage of Linux users who fell in the traps would be smaller than the other OS users.

  • by bkaul01 ( 619795 ) on Thursday April 05, 2012 @10:27AM (#39584671)

    To be fair this is a Java exploit, and it's already been closed by Apple.

    The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.

    To be fair, that's true of almost all malware that propagates in the wild on Windows-based systems too. Zero-days that haven't been patched by Microsoft/Apple/et al. are very rare on any platform, and usually only available to organizations with resources on the level of nation states or the like for espionage/cyber-warfare purposes (cf. Stuxnet).

  • by Anonymous Coward on Thursday April 05, 2012 @10:30AM (#39584715)

    http://www.youtube.com/watch?v=C5z0Ia5jDt4

    Haha, Apple must not be a sensible person. :) Go to the 2:40 mark.

    Yes, I realize this is a marketing ploy.

    In a Michael Moore-esque fashion, they use disingenuous wording to deceive. Apple only ever says that Apple's 'advanced technology' keeps you safe from Windows/PC Viruses, not 'computer viruses' or 'malware' or anything which they could ever actually be infected by... because if a virus ever infects a Mac, it won't be a WINDOWS Virus. Crossplatform maybe, but not a Windows Virus.

  • by kthreadd ( 1558445 ) on Thursday April 05, 2012 @10:40AM (#39584887)

    Not to mention the network technicians.

  • by Brannon ( 221550 ) on Thursday April 05, 2012 @10:42AM (#39584907)

    There are over 100 million Macs in use in the world*. So what we have here is some random Russian anti-virus firm claiming that 0.6% of them are infected with a trojan due to a vulnerability in Oracle's Java engine (for which Apple has already sent out an update to patch the vulnerability). And that Russian firm would love to sell you the cure.

    Yeah, that totally proves that Macs are just as unsafe as PCs.

    * http://wiki.answers.com/Q/How_many_Macintosh_computers_are_in_use_worldwide

  • by jythie ( 914043 ) on Thursday April 05, 2012 @10:45AM (#39584973)
    The piece said 50% of infected machines were in the US, not 50% of US machines were infected.

    And actually I do see Linux boxes with old vulnerabilities pretty often. One of the problems with OSS is that updating often breaks libraries... which if you have compiled 3rd party software installed can be a real barrier to updating. We have one machine that has not been updated with any patches for 2-3 years now because they will break installed apps.
  • by crazyjj ( 2598719 ) * on Thursday April 05, 2012 @10:48AM (#39585019)

    The reality distortion field might break under greater strain.

    That collapsed the second Jobs died. It's just a matter of time before everyone notices it and you start hearing hipsters and Macheads all saying some variation of:

    "Apple just isn't the same since Steve left. They sold out. It used to be about the MUSIC, man!"

  • by tripleevenfall ( 1990004 ) on Thursday April 05, 2012 @10:50AM (#39585051)

    Certainly these things are true.

    For the novice user, they are safer with a Mac, I don't think that is any less true than it's been for a while. There are fewer vulnerabilities overall, there's less malware overall, there's no chance they are using IE when on a Mac, the process of keeping updated is more dummy-proof... dummy users are safer on Macs.

    And this is just for people using full PCs. Increasingly these novice users are spending all their computing time in iOS which is even less vulnerable.

  • by 0racle ( 667029 ) on Thursday April 05, 2012 @11:01AM (#39585231)

    Aside from this, the general public does not seem vulnerable:

    Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.

    Yep, idiots doing idiot things because they're idiots. The OS doesn't protect you from yourself; when you tell it to install something it does it.

  • by bmo ( 77928 ) on Thursday April 05, 2012 @11:05AM (#39585309)

    OSX has not had a single virus in the wild since its introduction. The first person to get a virus to spread from machine to machine on OSX will be world famous. And it's not like people don't try.

    Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.

    This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.

    But the distinction is lost on people, such as yourself, who refuse to believe there is any difference between the Bagle worm and a program that tricks the user to deltree c:\*.* or rm -rf /*

    With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.

    "even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".

    That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program. The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.

    >implying that third party software vulnerabilities are suddenly the OS vendor's fault

    This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.

    --
    BMO

  • by Chester K ( 145560 ) on Thursday April 05, 2012 @12:42PM (#39586999)

    You know that UAC thing people who use Windows like to complain about?

    I have to laugh when I see self-proclaimed 'experts' disable UAC, solely because they're smart enough to know where the option to turn it off is; but apparently not smart enough to realize no matter how smart, competent, and safe of a user you think you are, it's never a good idea to run as root, even if you think you're Electronic Jesus who never makes mistakes. (There's considerable overlap between this group of 'experts' and the group of 'experts' who refuse to install MSE because they're 'too good' to need it.)

    Microsoft can only go so far to protect its 'expert' users from themselves. At some point, the user's own stupidity is at fault. And a user's stupidity doesn't go away just because they're using a different OS.

  • by amicusNYCL ( 1538833 ) on Thursday April 05, 2012 @02:57PM (#39589137)

    600,000 computers didn't get infected because someone downloaded some pirated software loaded with the malware. This is not the DevilRobber trojan, this is Flashback. The Java vulnerabilities used to download and run the virus are exploited via the good old drive-by-download method, which does not require user interaction (thanks, Java!).

    According to the Dr Web blog posting, “systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit.”

    This is the exact same method that Windows machines get infected. The top 3 infection vectors are Java, Acrobat, and Flash because all 3 of them will load whatever the server tells them to in a hidden iframe if necessary. Vulnerabilities in IE itself account for less than 10 percent of Windows infections, the vast majority are from insecure third-party browser plugins. Those plugins do not all of a sudden become secure, and the vendors don't all of a sudden start using good security practices, just because the target OS runs on Apple-branded hardware.

  • by bmo ( 77928 ) on Thursday April 05, 2012 @05:19PM (#39591261)

    I said [trojans] do not self-propagate.

    You said Sorry to break your bubble, but this was a drive-by exploit using a hole in Java.

    That's not self-propagation. It also pretends to be a Flash update. That's not a virus. That's a trojan.

    Hope this helps.

    --
    BMO
