
Mac Flashback Attack Began With Wordpress Blogs

Posted by timothy
from the slashcode-was-lower-on-their-target-list dept.
With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"

  • by Anonymous Coward on Monday April 23, 2012 @02:41AM (#39768319)
    I've heard percentage wise it is worse than any single Windows virus in history.
  • by Sneeka2 (782894) on Monday April 23, 2012 @02:44AM (#39768341)

    True. Anybody with half a brain knew this of course. It was merely time for the practical proof.
    From here on Apple will have to prove itself in how well it does or doesn't respond to such incidents.
    For its first trial by fire, it hasn't received very high marks so far.

  • Ignorance (Score:4, Interesting)

    by dejanc (1528235) on Monday April 23, 2012 @02:46AM (#39768349)

    The main problem here may be ignorance. I use OS X and I only heard about this malware here on Slashdot. I really don't recall reading about it anywhere else. I immediately installed a Java update when it was available because I heard the fix was propagated through it. I might as well have skipped it or postponed it, as I often do when I am in a situation where I don't want to wait for the updates to install, e.g. when checking email in a hotel on vacation or just turning on the laptop to quickly see something like the weather forecast.

    Most Mac users probably never even heard about Flashback.

  • by V!NCENT (1105021) on Monday April 23, 2012 @03:04AM (#39768425)

    It's not true. It climbed to 600,000 infections, according to Kaspersky (anti-virus developer) and dropped to 30,000.

    Anyone cautious of privacy and security should know that the OS isn't targeted so much anymore, because aside from it being illegal and a more fragmented market now, you can legally spy on people by tracking the web. The web is where all the action happens (banking, Facebook, etc.). Seriously; install Collusion for Chrome or Firefox, lurk an hour on the web and see what's tracking you. It's insane.

    So the new security is in web browsers. And anyone who values their web security has a cookie, script, plugin and TCP/IP domain blocker. And if you had the plugin blocker (disabling the autorun), you wouldn't have this drive-by hack.

    But of course even OpenBSD had remote holes, which proves that (and anyone arguing otherwise is an idiot) any OS is hackable.

    What's so funny (actually sad) about this is that Trusted Computing doesn't protect against this shit. So much for that argument. Even with Gatekeeper (the Mac OS X tool for allowing users to decide if they do or do not want to be able to execute non-sealed binaries (DRM'd/App Store stuff)).

    Inb4 fantards.

  • Re:Walled Garden (Score:4, Interesting)

    by Sneeka2 (782894) on Monday April 23, 2012 @03:34AM (#39768505)

    For this you'll need Apple to backpedal on some simplification they've made to make their OS more accessible to less technical people. (Like installing an application simply by drag-dropping an icon from an archive into a system folder. With no privilege asked).

    Oh darn, I'll feed the troll...

    OK, please elaborate how installing an application by simply copying the executable into a location where all executables are stored is insecure. Is there an exploit that has been facilitated by this that would have been impossible otherwise? /Applications is not a system folder BTW. The system is in /System, and /Library. /Applications is a location to install applications, nothing more, nothing less.

  • by BasilBrush (643681) on Monday April 23, 2012 @04:22AM (#39768687)

    Wiki says estimates of Conficker infections were between 9 million and 15 million in Mar 2009. Installed base of PCs was about 1.1 billion then. Which would mean Conficker had between 0.8% and 1.4% of PCs infected.

    It's too close to call.

  • by anthony_greer (2623521) on Monday April 23, 2012 @05:50AM (#39768993)

    I have had non-technical Mac users ask me about this, which means that they (or at least more of them than before) are open to advice about security and don't just smugly boast about Macs being invincible any longer. This makes everyone safer from my view.

    BTW the advice I give Mac users who ask is as follows:
    1: run Apple menu -> Software Update manually at least once a week, and download everything it suggests*
    2: use a non-admin account for daily activity and NEVER provide admin creds unless you know exactly what they are being used for; you should never need to do this while surfing the web.
    3: Only get software from trusted sources, like the App Store, SourceForge, or vendor web sites like Adobe or Autodesk.
    4: Switch to a platform where Java is controlled and updated by the first party (Oracle) and not a third party (Apple), to ensure you have the best security possible.

    *Just as with Windows or any other *NIX box, there is an exception to the update-everything rule: if you know that it will break your workflow or some component thereof, you can skip it while that is worked out.

  • by anthony_greer (2623521) on Monday April 23, 2012 @05:58AM (#39769017)

    I am not a web dev, but it seems to me that there are way too many stories that involve WordPress attacks in the past year. I have heard of at least 10 cases of WordPress being compromised, but in that same time not one case of Drupal, SharePoint, Joomla, or Movable Type having the same issues, assuming all were running the latest releases.

    Is WordPress broken at its core, or is it all just crummy plugins that open holes?

  • by AndrewStephens (815287) on Monday April 23, 2012 @07:06AM (#39769335) Homepage

    Exactly right. I have noticed a huge upswing of probing behavior in my WordPress site logs, all targeting timthumb in various common themes. WordPress is easy to install (and easy to upgrade) but requires ongoing upkeep as vulnerabilities are found and patched. Too many people just install it and let it rot.
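
The timthumb probing described in the comment above, as an added detection example that is not part of this thread or of WordPress: it parses constructed combined-format access log lines (the log format, sample addresses and theme names are assumptions), lists source addresses that requested timthumb.php across several theme directories, and reports any such path the site actually served with a 200, i.e. the copy whose upkeep the comment is talking about.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed Apache/nginx "combined" format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
THEME_DIR = "/wp-content/themes/"

# Constructed sample lines (not real traffic); addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2012:02:41:00 +0000] "GET /wp-content/themes/twentyten/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2012:02:41:01 +0000] "GET /wp-content/themes/twentyeleven/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2012:02:41:02 +0000] "GET /wp-content/themes/mytheme/scripts/TimThumb.php?x=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Apr/2012:03:00:00 +0000] "GET /2012/04/hello-world/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Apr/2012:03:00:05 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this line is deliberately malformed and must be skipped
"""

def parse_line(line):
    """Return {ip, path, status} for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # urlsplit drops the query string; lower() so TimThumb.php and timthumb.php compare equal
    return {"ip": m["ip"], "path": urlsplit(m["target"]).path.lower(), "status": int(m["status"])}

def theme_of(path):
    """Theme directory name if `path` requests timthumb.php inside a theme, else None."""
    if THEME_DIR not in path or not path.endswith("/timthumb.php"):
        return None
    return path.split(THEME_DIR, 1)[1].split("/", 1)[0]

def analyze(log_text):
    """Map each source IP to the theme dirs it probed, and collect timthumb paths that answered 200."""
    probed = defaultdict(set)   # ip -> theme dirs where timthumb.php was requested (404s included)
    exposed = set()             # timthumb.php paths that really exist on this site: check their version
    for line in log_text.splitlines():
        entry = parse_line(line)
        theme = theme_of(entry["path"]) if entry else None
        if theme is None:
            continue
        probed[entry["ip"]].add(theme)
        if entry["status"] == 200:
            exposed.add(entry["path"])
    return probed, exposed

def scanners(log_text, min_themes=2):
    """IPs that asked for timthumb.php under at least `min_themes` different theme dirs."""
    probed, _ = analyze(log_text)
    return sorted(ip for ip, themes in probed.items() if len(themes) >= min_themes)
```

Feed it a real access log with `analyze(open("access.log").read())`; a single address walking timthumb.php across many theme names is the scanning pattern, while anything in `exposed` is a file present on your own site that needs the upkeep the comment describes.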

  • by quacking duck (607555) on Monday April 23, 2012 @10:05AM (#39771117)

    Let me see if I read this right...

    Despite most Mac users not having antivirus installed, it still had roughly the same percentage of users infected as a platform where users DO have antivirus and anti-malware installed (or their users are very aware they're supposed to be running them), but the latter's supposed protections against malware were useless at detecting and/or preventing the Conficker outbreaks.

    My takeaway is that Mac users therefore *still* would not benefit from installing and running antivirus software that sucks up resources all the time. The better defence is simply to do system updates weekly.
