Slashdot Mirror


Flashback Trojan Hits 600,000 Macs and Counting

twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."

14 of 429 comments

  1. Macs don't get hacked by Dunbal · Score: 5, Funny

    Is it just wrong if I laugh a little?

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Macs don't get hacked by ifrag · Score: 5, Funny

      Is it just wrong if I laugh a little?

      Try to keep it to a low chuckle. The reality distortion field might break under greater strain.

      --
      Fear is the mind killer.
    2. Re:Macs don't get hacked by Johnny Mister · Score: 5, Insightful

      The funny thing is that Linux users still seem to be under this belief about their OS. The truth is that every OS gets malware, it's just about the market share.

    3. Re:Macs don't get hacked by fermion · Score: 5, Funny

      My surprise is that there are 600K running macs to infect. I thought macs were just bought by rich people to display in their offices while they really used a PC. Clearly this article is propaganda.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    4. Re:Macs don't get hacked by Tarkadot · Score: 5, Funny

      So, now that the Reality Distortion Field is weakening, it's time to activate the Someone Else's Problem field?

    5. Re:Macs don't get hacked by crazyjj · Score: 5, Funny

      No, college kids love them. They use them to tweet out messages encouraging their fellow students to fight evil corporations.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
    6. Re:Macs don't get hacked by TheRaven64 · Score: 5, Interesting

      It's not just about market share, although that does play a large part. For malware to spread you need a large or sufficiently interesting target for someone to bother writing it (an OS with only a dozen users, all of which were major banks that used it for Internet-facing transaction processing systems, for example, would be an interesting target even though it would have a tiny market share).

      Then you need an attack vector. Operating system vulnerabilities aren't that uncommon (check the CVE database for the Linux kernel), but most of the time these attacks come through userspace applications. From there, it depends on what the attacker wants to use. Desktop operating systems tend to be more vulnerable in this regard because very few applications are properly sandboxed, so once you've compromised one you've got complete access to everything the user does. Server software tends to be a bit more careful with privilege separation, so a Linux server may be a lot more secure than a Linux desktop.

      Finally, you need some mechanism for it to spread. This is often related to market share. For example, Windows worms used to be very common because if you look at any random IP on the local network you're likely to find a Windows machine. If you've got some Windows exploit, you can spread to every machine on the network very quickly. The same was true of email worms - a worm that compromised Outlook Express could send a message to everyone in the address book, and at least some of them would be running Outlook Express and so it would spread. In contrast, if the lone Mac in the corner of the office is infected then it's harder for it to find another Mac to infect before someone spots unusual traffic patterns and cleans it up.

      --
      I am TheRaven on Soylent News
    7. Re:Macs don't get hacked by bmo · Score: 5, Interesting

      Security researchers have uncovered yet another Mac Trojan in the wild, this time hiding inside pirated versions of the Mac OS X image editing application GraphicConverter.

      This general method, by far, is the quickest and easiest way to create a botnet. Package up some wanted software with your trojan that you checked against the top 20 malware checkers, and upload away to all the public trackers you can find, and some private ones.

      Yet weeks later when your trojan gets added to the malware definitions, you'll continue to see Windows morons download, run a scan, and pronounce "LOL FALSE POSITIVE"

      There is no anti-malware for stupid.

      --
      BMO

  2. How to tell whether you are infected by daveschroeder · Score: 5, Informative

    See here: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

    Summary:

    If you open Terminal and run

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    and see:

    The domain/default pair of [...] does not exist

    for each, you are not infected. Also, if you run nearly any AV software or other tools like Little Snitch, you are not infected as it checks for these and deletes itself if found.

    Also, no sensible person ever said "Macs don't get [infected/hacked/whatever]." It's just a lot less likely, and has historically been, even accounting for differences in marketshare. As Mac share increases, it only makes sense they'll be targeted more with malware. But Macs, as a whole, are indeed "more secure", in that still, to this day, you are far less likely — even with the complacency or, if you prefer, ignorance, of Mac users — to become impacted with any malware than with Windows. Maybe someday this will change. But it's never been true to date, and isn't true now. The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous. (Though, Apple could do better with patching known vulnerabilities in Java on Mac OS X...)

    The same advice and best practices for avoiding malware apply to Macs as well as any other desktop platform, and Mac users would do well to run current AV software. The Sophos free edition is nice.
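
Added example (not part of the comment above or of the F-Secure page): the two `defaults read` checks wrapped in a POSIX shell script that separates "pair does not exist" from "a value is present" and from any other `defaults` failure. The function names and return codes are this example's own conventions; it only reports state and changes nothing.

```shell
#!/bin/sh
# Added example: the two `defaults read` checks from the comment above.
# Function names and return codes are this example's own conventions.

# check_key DOMAIN KEY: print ABSENT, SET or UNKNOWN for one domain/key pair.
check_key() {
    # Exit status 0 means `defaults` found a value for the key.
    if out=$(defaults read "$1" "$2" 2>&1); then
        echo "SET"
        return 0
    fi
    case $out in
        # The message the comment says to look for.
        *"does not exist"*) echo "ABSENT" ;;
        # Any other failure (unreadable plist, bad path) proves nothing.
        *) echo "UNKNOWN" ;;
    esac
}

# flashback_check: return 0 if both keys are absent, 1 if either is set,
# 2 if a check could not be completed.
flashback_check() {
    rc=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}    # everything before the last space
        key=${pair##* }      # everything after it
        state=$(check_key "$domain" "$key")
        printf '%-8s %s %s\n' "$state" "$domain" "$key"
        case $state in
            SET) rc=1 ;;
            UNKNOWN) if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Run the check only where `defaults` exists (macOS).
if command -v defaults >/dev/null 2>&1; then
    if flashback_check; then
        echo "Neither key exists."
    else
        echo "A key is set or could not be read; inspect the lines above."
    fi
fi
```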

    1. Re:How to tell whether you are infected by ArhcAngel · Score: 5, Funny

      Summary:

      If you open Terminal and run

      This just offended or confused 90% of the MAC users

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    2. Re:How to tell whether you are infected by apcullen · Score: 5, Insightful

      Excellent post.

      However, I have to disagree with you on one point:

      The fact that single instances of Mac malware get so blown out of proportion, STILL, is ridiculous.

      I don't think it's blown out of proportion, and, rather than being ridiculous, I think it's essential. Mac users generally share a belief that their computer "just works" and that they don't have to be concerned with-- or even aware of-- security. For the good of the community, that should be corrected.

    3. Re:How to tell whether you are infected by Bill Hayden · Score: 5, Funny

      This just offended or confused 90% of the MAC users

      The fact that you wrote Mac as MAC offended or confused an even higher percentage of Mac users.

      --
      Protect your browser with the Force Safe Search add-on
    4. Re:How to tell whether you are infected by kthreadd · Score: 5, Insightful

      Not to mention the network technicians.

  3. Re:It doesn't get PC Viruses by bmo · Score: 5, Insightful

    OSX has not had a single virus in the wild since its introduction. The first person to get a virus to spread from machine to machine on OSX will be world famous. And it's not like people don't try.

    Viruses are self replicating code that spread themselves via the network or sneakernet. Since OSX, Linux, Solaris, FreeBSD and all other sane OSes strip the execute bit from files coming in off the wire, this is a major hurdle to get over, and is why virus and worm propagation on OSX, other Unices, and Unix like OSes like Linux sucks.

    This was a trojan. Trojans are different. They typically need to trick the user into installing them, and they do not self-propagate.

    But the distinction is lost on people, such as yourself who refuse to believe there is any difference between the Bagel worm and a program that tricks the user to deltree c:\*.* or rm -rf /*

    With that said, there is a way to make certain well-behaved Windows viruses and worms spread cross-platform, and that is to run wine. But then the requirement is that the virus or worm be well behaved and not depend on undocumented Windows features. These are few and far between, and even then, it runs in userspace and the cure is to rm -rf .wine.

    "even if you want to write a virus for iOS you can't" and "there is zero malware in the app store".

    That's because your code is up for review if you want Apple to sell your program for you in the Apple store. They check it for bad stuff and vet the program. The Apple Store is much like the trusted repositories you see in the Linux world. The repo system for Linux has proven time and again this is a good way to go. The only difference with the Apple store is that there is only one repo, theirs.

    >implying that third party software vulnerabilities are suddenly the OS vendor's fault

    This is not even true in the Windows world. Nobody blames Microsoft for an Adobe Reader or Flash vulnerability. Adobe certainly does attract enough blame themselves.

    --
    BMO