Forgot your password?
typodupeerror
Desktops (Apple) Security Apple

Mac Flashback Attack Began With Wordpress Blogs 103

Posted by timothy
from the slashcode-was-lower-on-their-target-list dept.
With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"
This discussion has been archived. No new comments can be posted.

Mac Flashback Attack Began With Wordpress Blogs

Comments Filter:
  • by skipkent (1510) on Monday April 23, 2012 @03:35AM (#39768289)

    At it's height it was never as bad as some of the windows viruses have been, but it plants the seed that macs aren't safe and are just as vulnerable as any other OS.

  • Re:Ignorance (Score:3, Insightful)

    by TubeSteak (669689) on Monday April 23, 2012 @04:02AM (#39768419) Journal

    The main problem here may be ignorance.

    The main problem here may be WordPress.
    It didn't have to be OSX malware, they could have targeted any operating system.

  • Re:Ignorance (Score:2, Insightful)

    by Anonymous Coward on Monday April 23, 2012 @04:48AM (#39768553)

    The main problem here may be WordPress.
    It didn't have to be OSX malware, they could have targeted any operating system.

    No, the main problem is arrogance and ignorance.

    WordPress does have security bugs, but if that was it, then there'd be tens of thousands of compromised blogs and nothing else. Your computer shouldn't be compromised simply by going to an untrustworthy site. Period.

    It could have targeted any operating system, but it didn't. It could have targeted Windows which are more numerous by an order of magnitude, but it didn't. The difference is clearly that:

    • The bug was initially in Java, but Oracle patched it relatively quickly. But Apple, with their own custom version of Java, took too long. Many have argued that it's due to a lack of security awareness within Apple.
    • A history of security vulnerabilities in Windows has led to a robust and mature ecosystem of antivirus/antimalware.
    • Users are conditioned to be on the lookout for malware (again, due to Window's chequered history).

    Mac OSX will continue to have zero-day malware attacks, especially as their marketshare grows. In turn, Apple will develop their security team once it becomes obvious the attacks will continue and Mac users will over time learn to be as wary as Windows users.

Forty two.

Working...