Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flashback Trojan Hits 600,000 Macs and Counting

Posted by timothy on from the first-they-came-for-the-windows-machines dept.

twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."

24 of 429 comments (clear)

  1. Macs don't get hacked by Dunbal · · Score: 5, Funny

    Is it just wrong if I laugh a little?

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Macs don't get hacked by ifrag · · Score: 5, Funny

      Is it just wrong if I laugh a little?

      Try to keep it to a low chuckle. The reality distortion field might break under greater strain.

      --
      Fear is the mind killer.
    2. Re:Macs don't get hacked by alphatel · · Score: 4, Funny

      Is it just wrong if I laugh a little?

      Try to keep it to a low chuckle. The reality distortion field might break under greater strain.

      It just works!

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    3. Re:Macs don't get hacked by Johnny+Mister · · Score: 5, Insightful

      The funny thing is that Linux users still seem to be under this belief about their OS. The truth is that every OS gets malware, it's just about the market share.

    4. Re:Macs don't get hacked by fermion · · Score: 5, Funny

      My surprise is that there are 600K running macs to infect. I thought macs were just bought by rich people to display in there offices while they really used a PC. Clearly this article is propaganda.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    5. Re:Macs don't get hacked by Tarkadot · · Score: 5, Funny

      So, now that the Reality Distortion Field is weakening, it's time to activate the Someone Else's Problem field?

    6. Re:Macs don't get hacked by ByOhTek · · Score: 4, Funny

      ... I tried to find where I should insert the Prozac. I tried the optical disc tray, but that didn't fix it. How do I unsad my Mac?

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    7. Re:Macs don't get hacked by crazyjj · · Score: 5, Funny

      No, college kids love them. They use them to tweet out messages encouraging their fellow students to fight evil corporations.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    8. Re:Macs don't get hacked by tripleevenfall · · Score: 4, Insightful

      To be fair this is a Java exploit, and it's already been closed by Apple.

      The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.

      Aside from this, the general public does not seem vulnerable:

      Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.

      The pirated copy of GraphicConverter 7.4 is being actively distributed on file-sharing networks and torrent sites like Pirate Bay and contains the DevilRobber Trojan, Sophos researchers reported on 29 October. Once on the Mac OS X, DevilRobber creates a backdoor for remote access and installs a Bitcoin miner that uses up spare system resources and steals the content of the user’s Bitcoin wallet, according to Sophos.

    9. Re:Macs don't get hacked by TheRaven64 · · Score: 5, Interesting

      It's not just about market share, although that does play a large part. For malware you spread you need a large or sufficiently interesting target for someone to bother writing it (an OS with only a dozen users, all of which were major banks that used it for Internet-facing transaction processing systems, for example, would be an interesting target even though it would have a tiny market share).

      Then you need an attack vector. Operating system vulnerabilities aren't that uncommon (check the CVE database for the Linux kernel), but most of the time these attacks come through userspace applications. From there, it depends on what the attacker wants to use. Desktop operating systems tend to be more vulnerable in this regard because very few applications are properly sandboxed, so once you've compromised one you've got complete access to everything the user does. Server software tends to be a bit more careful with privilege separation, so a Linux server may be a lot more secure than a Linux desktop.

      Finally, you need some mechanism for it to spread. This is often related to market share. For example, Windows worms used to be very common because if you look at any random IP on the local network you're likely to find a Windows machine. If you've got some Windows exploit, you can spread to every machine on the network very quickly. The same was true of email worms - a worm that compromised Outlook Express could send a message to everyone in the address book, and at least some of them would be running Outlook Express and so it would spread. In contrast, if the lone Mac in the corner of the office is infected then it's harder for it to find another Mac to infect before someone spots unusual traffic patterns and cleans it up.

      --
      I am TheRaven on Soylent News
    10. Re:Macs don't get hacked by UnknowingFool · · Score: 4, Informative

      From what I read, the payload is delivered when you visit certain sites, but as a Trojan, it asks for and requires the user to enter their admin password to install.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    11. Re:Macs don't get hacked by bmo · · Score: 5, Interesting

      Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.

      This general method, by far, is the quickest and easiest way to create a botnet. Package up some wanted software with your trojan that you checked against the top 20 malware checkers, and upload away to all the public trackers you can find, and some private ones.

      Yet weeks later when your trojan gets added to the malware definitions, you'll continue to see Windows morons download, run a scan, and pronounce "LOL FALSE POSITIVE"

      There is no anti-malware for stupid.

      --
      BMO

    12. Re:Macs don't get hacked by bkaul01 · · Score: 4, Insightful

      To be fair this is a Java exploit, and it's already been closed by Apple.

      The dullard users are probably receiving security updates automatically, and so they'd have been updated as of Tuesday.

      To be fair, that's true of almost all malware that propagates in the wild on Windows-based systems too. Zero-days that haven't been patched by Microsoft/Apple/et al. are very rare on any platform, and usually only available to organizations with resources on the level nation states or the like for espionage/cyber-warfare purposes (c.f. Stuxnet).

    13. Re:Macs don't get hacked by VGPowerlord · · Score: 4, Informative

      the process of keeping updated is more dummy-proof... dummy users are safer on Macs.

      It is? Last time I checked, the default update mode for Windows will install updates the next time your shut down your computer after Windows detects an update has been released.

      This is a bit different in a corporate setting, but I assumed you meant for home users.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  2. How to tell whether you are infected by daveschroeder · · Score: 5, Informative

    See here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

    Summary:

    If you open Terminal and run

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    and see:

    The domain/default pair of [...] does not exist

    for each, you are not infected. Also, if you run nearly any AV software or other tools like Little Snitch, you are not infected as it checks for these and deletes itself if found.

    Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]." It just a lot less likely, and has historically been, even accounting for differences in marketshare. As Mac share increases, it only makes sense they'll be targeted more with malware. But Macs, as a whole, are indeed "more secure", in that still, to this day, you are far less likely — even with the complacency or, if you prefer, ignorance, of Mac users — to become impacted with any malware than with Windows. Maybe someday this will change. But it's never been true to date, and isn't true now. The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous. (Though, Apple could do better with patching known vulnerabilities in Java on Mac OS X...)

    The same advice and best practices for avoiding malware apply to Macs as well as any other desktop platform, and Mac users would do well to run current AV software. The Sophos free edition is nice.

    1. Re:How to tell whether you are infected by ArhcAngel · · Score: 5, Funny

      Summary:

      If you open Terminal and run

      This just offended or confused 90% of the MAC users

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    2. Re:How to tell whether you are infected by apcullen · · Score: 5, Insightful
      Excellent post.

      However, I have to disagree with you on one point:

      The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous.

      I don't think it's blown out of proportion, and, rather than being ridiculous, I think it's essential. Mac users generally share a believe that their computer "just works" and that they don't have to be concerned with-- or even aware of-- security. For the good of the community, that should be corrected.

    3. Re:How to tell whether you are infected by Sponge+Bath · · Score: 4, Insightful

      This just offended or confused 90% of the MAC users

      If you think 90% of Windows users are any less confused by the "Command Prompt", you have not had to give them technical support.

    4. Re:How to tell whether you are infected by Bill+Hayden · · Score: 5, Funny

      This just offended or confused 90% of the MAC users

      The fact that you wrote Mac as MAC offended or confused an even higher percentage of Mac users.

      --
      Protect your browser with the Force Safe Search add-on
    5. Re:How to tell whether you are infected by kthreadd · · Score: 5, Insightful

      Not to mention the network technicians.

  3. now by ILongForDarkness · · Score: 4, Interesting

    Can we please end the madness where people claim that since an OS is a variant of unix it can't get a virus? Users do stupid things, stupid things have consequences, doesn't matter the make of the car you are driving if you are a drunk moron soon enough you'll crash into something. Similarly if you are a horny moron eventually you'll browse to a site that will find a way to get you to install some junk that will trash your computer all in the name of some desperately needed friction motivation.

  4. About the users too by monkeyhybrid · · Score: 4, Insightful

    Market share has something to do with it, as does a pretty good track record of security, but the type of users that use Linux is also a significant reason that we don't see widespread malware affecting desktop Linux. Your typical Linux user is generally more nerdy, computer literate and security concious.

    If you did a survey of how many users clicked on pop-up banners, opened PDFs from spam email, granted permission to untrusted Java applets, etc, I bet the percentage of Linux users who fell in the traps would be smaller than the other OS users.

  5. Re:Linux by jythie · · Score: 4, Insightful

    The piece said 50% of infected machines were in the US, not 50% of US machines were infected.

    And actually I do see linux boxes with old vulnerabilities pretty often. One of the problems with OSS is that updating often breaks libraries... which if you have compiled 3rd party software installed can be a real barrier to updating. We have one machine that has not been updated with any patches for 2-3 years now because they will break installed apps.

  6. Re:It doesn't get PC Viruses by bmo · · Score: 5, Insightful

    OSX has not had a single virus in the wild since its introduction. The first person to get a virus to spread from machine to machine on OSX will be world famous. And it's not like people don't try.

    Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.

    This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.

    But the distinction is lost on people, such as yourself who refuse to believe there is any difference between the Bagel worm and a program that tricks the user to deltree c:\*.* or rm -rf /*

    With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.

    "even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".

    That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program. The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.

    >implying that third party software vulnerabilities are suddenly the OS vendor's fault

    This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.

    --
    BMO