New, sneakier Flashback malware infects Macs

Ditches all attempts at duping users with social-engineering tactics, exploits Java bug through drive-by attacks

By , Computerworld |  Security, flashback malware, Mac

It wouldn't be a surprise if Apple's tool did not eliminate Flashback.S: Last year, cyber criminals and Apple went several rounds over MacDefender, a family of fake antivirus programs that wriggled onto a large number of Macs. Several times, the hackers responded to Apple moves by modifying their tactics or code to sidestep just-deployed defenses.

Flashback is easily the most widespread and pernicious malware Mac owners have yet faced.

After a counting controversy, security companies last week agreed that the tally of infected Macs -- thought to have dropped to as low as 30,000 -- was in fact wrong, and that approximately 650,000 machines still harbored the malware.

Today, U.K.-based Sophos, using data mined from people who run its free Mac antivirus program, claimed that 2.7% of all Macs were infected with malware of some kind. Of those machines, 75% were infested with Flashback.

James tipped his figurative hat to the hackers for their persistence. "There aren't a dozen different groups behind [Flashback]," he said. "They're still hammering on the same vulnerabilities."

Clearly, the attackers are successful enough to keep at it, and keep improving their malware. James thought he knew why.

"Java is more widespread on Macs than most [Mac users] want to admit," he said, countering comments by some Mac owners who have expressed disbelief that the Flashback infection tally was as large as security companies claimed.

"Java is very easy to install, even on Lion," added James, referring to OS X 10.7, which does not include Java, but will ask the user to download it the first time he or she tries to run a Java applet. "Given the number of Macs, there are a lot of OS X people running Java."

Mac owners running either OS X 10.7 or 10.6 -- the latter is better known as Snow Leopard -- can protect themselves from Flashback.S attacks by updating Java using their machines' Software Update tool.

Because Apple has stopped shipping security updates for older editions -- OS X 10.5, or Leopard, and all its predecessors -- those users must either remove Java manually or disable it in their browsers.

About 18% of Mac owners ran Leopard or earlier on their systems last month, according to the most recent statistics from Internet metrics company Net Applications.


Originally published on Computerworld.