Flashback Trojan Hits 600,000 Macs and Counting
twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
How to check (Score:2, Interesting)
Is there any way to check whether your Mac is infected?
now (Score:5, Interesting)
Can we please end the madness where people claim that since an OS is a variant of Unix it can't get a virus? Users do stupid things, stupid things have consequences. It doesn't matter the make of the car you are driving: if you are a drunk moron, soon enough you'll crash into something. Similarly, if you are a horny moron, eventually you'll browse to a site that will find a way to get you to install some junk that will trash your computer, all in the name of some desperately needed friction motivation.
Re:Macs don't get hacked (Score:2, Interesting)
Apple should advertise OS X to hackers:
Instead of stuff like "Robust Kernel based on Unix" hackers would surely be attracted towards "Familiar Unix-based Kernel with guaranteed fewer security measures than Windows or many Linux distros"
Re:How to tell whether you are infected (Score:4, Interesting)
Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]."
Actually, Apple writes [apple.com] quite a few things that make me (and I'm a Mac user) cringe. For example:
Download with peace of mind.
Innocent-looking files downloaded over the Internet may contain dangerous malware in disguise. That’s why files you download using Safari, Mail, and iChat are screened to determine if they contain applications. If they do, OS X alerts you, then warns you the first time you open one.
Yeah, when you download a file and click on it, a dialog pops up that tells you that the file was downloaded from the internet and may be dangerous. That's all. And after you had to click on that a couple of times for harmless files of all sorts, you just click on it automatically. And, boom, trojan infection ...
Re:Macs don't get hacked (Score:5, Interesting)
It's not just about market share, although that does play a large part. For malware to spread you need a large or sufficiently interesting target for someone to bother writing it (an OS with only a dozen users, all of which were major banks that used it for Internet-facing transaction processing systems, for example, would be an interesting target even though it would have a tiny market share).
Then you need an attack vector. Operating system vulnerabilities aren't that uncommon (check the CVE database for the Linux kernel), but most of the time these attacks come through userspace applications. From there, it depends on what the attacker wants to use. Desktop operating systems tend to be more vulnerable in this regard because very few applications are properly sandboxed, so once you've compromised one you've got complete access to everything the user does. Server software tends to be a bit more careful with privilege separation, so a Linux server may be a lot more secure than a Linux desktop.
Finally, you need some mechanism for it to spread. This is often related to market share. For example, Windows worms used to be very common because if you look at any random IP on the local network you're likely to find a Windows machine. If you've got some Windows exploit, you can spread to every machine on the network very quickly. The same was true of email worms - a worm that compromised Outlook Express could send a message to everyone in the address book, and at least some of them would be running Outlook Express and so it would spread. In contrast, if the lone Mac in the corner of the office is infected then it's harder for it to find another Mac to infect before someone spots unusual traffic patterns and cleans it up.
Re:Macs don't get hacked (Score:5, Interesting)
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
This general method, by far, is the quickest and easiest way to create a botnet. Package up some wanted software with your trojan that you checked against the top 20 malware checkers, and upload away to all the public trackers you can find, and some private ones.
Yet weeks later when your trojan gets added to the malware definitions, you'll continue to see Windows morons download, run a scan, and pronounce "LOL FALSE POSITIVE"
There is no anti-malware for stupid.
--
BMO
Re:Macs don't get hacked (Score:3, Interesting)
Please provide a reference to a recent study showing that a Windows 7 box with default install will get "629 viruses and trojans a day" - Or did you mean a Windows 95 box?
Re:Macs don't get hacked (Score:0, Interesting)
The truth is that even Linux can easily be compromised.
I recently experienced a situation where a user got to a voicemail system (web based) for a VoIP platform (Linux based) and from there, without root privileges, managed to add an additional root-level user and install a ton of malware variants. Ultimately, looking at the compromised files (some core system files) being infected, I decided to do a fresh install. THANK YOU PALESTINIAN HACKERS/TERRORISTS!
This process is very similar to that of a Windows platform.
Anyway, the fact that there are Linux malware scanners and OS X malware scanners means that any system is capable of running compromised binaries.