Flashback Trojan Hits 600,000 Macs and Counting
twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."
The funny thing is that Linux users still seem to be under this belief about their OS. The truth is that every OS gets malware, it's just about the market share.
However, I have to disagree with you on one point:
The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous.
I don't think it's blown out of proportion, and, rather than being ridiculous, I think it's essential. Mac users generally share a believe that their computer "just works" and that they don't have to be concerned with-- or even aware of-- security. For the good of the community, that should be corrected.
This just offended or confused 90% of the MAC users
If you think 90% of Windows users are any less confused by the "Command Prompt", you have not had to give them technical support.
To be fair this is a Java exploit, and it's already been closed by Apple.
The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.
Aside from this, the general public does not seem vulnerable:
Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.
The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pirate Bay and contains the DevilRobber Trojan, Sophos researchers reported on 29 October. Once on the Mac OS X, DevilRobber creates a backdoor for remote access and installs a Bitcoin miner that uses up spare system resources and steals the content of the user’s Bitcoin wallet, according to Sophos.
Market share has something to do with it, as does a pretty good track record of security, but the type of users that use Linux is also a significant reason that we don't see widespread malware affecting desktop Linux. Your typical Linux user is generally more nerdy, computer literate and security concious.
If you did a survey of how many users clicked on pop-up banners, opened PDFs from spam email, granted permission to untrusted Java applets, etc, I bet the percentage of Linux users who fell in the traps would be smaller than the other OS users.
To be fair this is a Java exploit, and it's already been closed by Apple.
The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.
To be fair, that's true of almost all malware that propagates in the wild on Windows-based systems too. Zero-days that haven't been patched by Microsoft/Apple/et al. are very rare on any platform, and usually only available to organizations with resources on the level nation states or the like for espionage/cyber-warfare purposes (c.f. Stuxnet).
Not to mention the network technicians.
The piece said 50% of infected machines were in the US, not 50% of US machines were infected.
And actually I do see linux boxes with old vulnerabilities pretty often. One of the problems with OSS is that updating often breaks libraries... which if you have compiled 3rd party software installed can be a real barrier to updating. We have one machine that has not been updated with any patches for 2-3 years now because they will break installed apps.
OSX has not had a single virus in the wild since its introduction. The first person to get a virus to spread from machine to machine on OSX will be world famous. And it's not like people don't try.
Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.
This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.
But the distinction is lost on people, such as yourself who refuse to believe there is any difference between the Bagel worm and a program that tricks the user to deltree c:\*.* or rm -rf /*
With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.
"even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".
That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program. The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.
>implying that third party software vulnerabilities are suddenly the OS vendor's fault
This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.
--
BMO