Slashdot Mirror


Mac Flashback Attack Began With Wordpress Blogs

With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"

5 of 103 comments (clear)

  1. Re:In the end, it's better that it happened by V!NCENT · · Score: 4, Interesting

    It's not true. It climbed to 600.000 infections, according to Kaspersky (anti-virus developper) and dropped to 30.000.

    Anyone cautious of privacy and security should know that the OS isn't targetted so much anymore, because aside from it being illegal and a more fragmented market now, you can legally spy on people with tracking the web. The web is where all the action happens (Banking, Facebook, etc.). Seriously; install Collusion for Chrome or Firefox, lurk an hour on the web and see what's tracking you. It's insane.

    So the new security is in web browsers. And anyone who values their web security has a coockie, script, plugin and TCP/IP domain blocker. And if you had the plugin blocker (disableing the autorun), you wouldn't have this drive-by hack.

    But ofcourse even OpenBSD had remote holes, which proves that (and anyone arguing otherwise is an idiot) any OS is hackeable.

    What's so funny (actually sad) about this, is that Trusted Computing doesn't protect against this shit. So much for that argument. Even with Gatekeeper (Mac OS X tool for allowing users to decide if they do or do not want to be able to execute non-sealed binaries (DRM'd/ Appstore stuff).

    Inb4 fantards.

    --
    Here be signatures
  2. Re:In the end, it's better that it happened by BasilBrush · · Score: 4, Interesting

    Wiki says estimates of Conflicker infections were between 9 million and 15 million in Mar 2009. Installed base of PCs was about 1.1 billion then. Which would mean Conflicker had between 0.8% and 1.4% of PCs infected.

    It's too close to call.

  3. Msc People are awake now, this is a good thing! by anthony_greer · · Score: 5, Interesting

    I have had non technical Mac users ask me about this, that means that they (or at least more of them than before) are open to advise about security and don't just smugly boast about Macs being invincible any longer. This makes everyone safer from my view.

    BTW the advise I give Mac users who ask is as follows:
    1: run apple menu->software update manually at least once a week, and download everything it suggests*
    2: use a non admin account for daily activity and NEVER provide admin creds unless you know exactly what it is using them for, you should never need to do this while surfing the web.
    3: Only get software from trusted sources, like the app store, SourceForge, or vendor web sites like Adobe or Autodesk.
    4: Switch to a platform where java is controlled and updated by the first party, Oracle and not a third party, Apple to ensure you have the best security possible.

    *Just as with windows or any other *NIX box, there is an exception to the all update thing, if you know that it will break your workflow or some component thereof, you can skip it while that is worked out.

  4. Re:Wordpress wasn't that vulnerable, timthumb was. by AndrewStephens · · Score: 4, Interesting

    Exactly right. I have noticed a huge upswing of probing behavior in my Wordpress site logs, all targeting timthumb in various common themes. Wordpress is easy to install (and easy to upgrade) but requires ongoing upkeep as vulnerabilities are found and patched. Too many people just install it and let it rot.

    --
    sheep.horse - does not contain information on sheep or horses.
  5. Re:In the end, it's better that it happened by quacking+duck · · Score: 4, Interesting

    Let me see if I read this right...

    Despite most Mac users not having antivirus installed, it still had roughly the same percentage of users infected as a platform where users DO have antivirus and anti-malware installed (or their users are very aware they're supposed to be running them), but the latter's supposed protections against malware were useless at detecting and/or preventing the Conficker outbreaks.

    My takeaway is that Mac users therefore *still* would not benefit from installing and running antivirus software that sucks up resources all the time. The better defence is simply to do system updates weekly.