A Week After Apple's Fix, Flashback Still Infects Half a Million Macs

Sparrowvsrevolution writes "Security firm Dr. Web released new statistics Friday showing that the process of eliminating Flashback from Macs is proceeding far slower than expected: On Friday the security firm, which first spotted the Mac botnet earlier this month, released new data showing that 610,000 active infected machines were counted Wednesday and 566,000 were counted Thursday. That's a slim decrease from the peak of 650,000 to 700,000 machines infected with the malware when Apple released its cleanup tool for the trojan late last week. Earlier in the week, Symantec reported that only 140,000 machines remained infected, but admitted Friday that an error in its measurement caused it to underestimate the remaining infections, and it now agrees with Dr. Web's much more pessimistic numbers."

semantics of the term "Trojan"

According to wikipedia, Flashback uses web redirects and javascript to automatically load a Java applet that contains the vulnerability.

In my book, it's only a Trojan if a real person is duped into executing it, and IMHO an infected legitimate website redirecting someone to a malicious website that automatically runs something that infects the user's computer does not count as duping a person into executing something.

TL;DR: Flashback is not a trojan. We need a new term for this type of threat.

Re:semantics of the term "Trojan"

[DarwinSurvivor]

I believe they call it a "drive by".

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Billly+Gates]

10.5 makes up 16.5% of Mac users, sure a lot are on PPC and the Flashback isn't targeting it, or is it?

Also about 4-5% are still on 10.4%

Apple didn't issue Diginotar Root certs fixes for these older OS X version neither.

Come when 10.8 is released, a whopping 65% of Mac users on 10.4-10.6 will be ripe for the pickings

Because Apple only updates the last two OS X versions in circulation, then is now releasing a new OS X version every year.

Microsoft on the other hand issues updates for their OS for 10 years?

Mac's a better value? Less prone to malware? Not for too much longer...

... and yet I find it hilarious when I read all the angry rants on wired.com and here on how poor old XP is going to lose support in 2 years a mere 13.5 years after launch.

This dwells into the more serious issue of the security nightmare that will come when all internet enabled computers that are more used like XP become abandonded. Personally I think it would be a good idea to disable port 80 on all devices 3 months after support ends to keep the upcoming security nightmare. It will anger many users but many malware writters will target XP if MacOSX has so many infections yet remains so small marketshare wise still. We do not allow vehicles with rags for a gas cap to go on the road right?

I understand Apple losses money to support users but something should be done. If not after a few billion lost dollars in bank accounts will create some nasty lawsuits.

Re:Well clearly

[kybred]

The Software Update only notifies you of an available update and optionally downloads it in the background. It does not install the update automatically, a user has to click to start the update (and would have to provide admin authentication if they weren't logged into an admin account).

Re:Apple didn't issue fix 10.5, 16.5% of it's user

[Moridineas]

PPC macs have not been sold since 2006. They are no longer supported (we still run 2 power pc macs running 10.4 at work, fwiw, running legacy applications). They were supported through the end of 10.5 (early 2011). 5+ years.

OSX 10.6 and 10.7 are being actively updated. I hate 10.7 and have stuck with 10.6.

First generation Intel Macs were released running 10.4. First generation Intel macs can run OSX 10.7, so they are still supported. They will no longer be supported with 10.8. ~6 years.

Apple seems to roughly support hardware for at least 5 years (given that we've gone through a PPC->Intel transition AND a 32-bit to 64-bit transition in the last ~7 years, not too shabby). I hope they will keep updating 10.6 now that they are hurrying up their OS release schedules.

Re:There has been little else more pleasant in lif

[LinuxIsGarbage]

Ask any enterprise who migrated from XP to Windows 7 and they all say a drop in malware and virus infections is the first thing they notice.

Flash drive Autorun viruses!

By default XP SP1 and newer (IIRC) while not automatically running autorun.inf files from flash drives, will give you the "What do you want to do" prompt including the autorun option. If you decline that, but double click the drive in my computer it will go ahead and run the autorun with no warning or indication. The default action on Windows 7 is to not even try to run autorun from flash drives.

On any computer I have control over (personal or for work) I completely disable autorun because:
a) It's annoying
b) It's dangerous.

Two large corporations I've worked for recently (still using XP) did not disable autorun! It's amazing how much autorun malware runs rampant. Crappy overpriced Symantec or McAfee don't pick them up either. I alert people when I stick their flash drive in my computer and notice hidden autorun.inf files, and hidden mischievous folders with random file names. I usually get stunned looks from them.

I also get stunned looks from IT when I point out the gaping, tractor-trailer sized hole in their security.