Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Sunday, April 08, 2012

Time to Protect Your Macintosh Computer

Over the years I’ve attended a number of conferences and panels on what originally was called Spyware and Adware. I think we’ve finally settled on using the term Malware for any kind of spyware, virus, Trojan horse or any kind of unwanted computer invasion. I fondly remember my first conference in Washington DC which included panel discussions like “What is Spyware”.


Manessa Mithal, Acting Director, International Division of the FTC; Chris Boyd (Paperghost), Facetime, vitalsecurity.org; Katherine Tassi, Washington State AG; Luis Villa, Berkman Center for Internet and Society, Harvard University, StopBadware.org
Anti-Spyware Coalition 2006 - Tracking Spyware Across Borders

I will also never forget Jeff Fox, who at the time introduced himself as an editor from Consumer Reports magazine. Jeff insisted the Macintosh was “less hospitable” to spyware. It had nothing to do with the Mac’s 1.5% market share, Jeff implied; Apple created their OS with fewer vulnerabilities. Ed Skoudis from SANS Institute countered, noting that “OS10 has had a number of significant security flaws” and that they’re not as widely publicized because they don’t impact as many people.

Since that time Apple has greatly increased their visibility. Some estimates put the Macintosh market share above 14%. While many malware authors are targeting the iPhone and iPad, it appears someone has created a Trojan Horse that has spread to over 600,000 Macs, including hundreds of machines that report their address as coming from Apple headquarters in Cupertino.

If you own a Macintosh computer there’s a chance you’ve been infected even if you run some kind of Anti-Virus software. If you’ve been on a website that offered to update your Flash player, there’s an even better chance you’re one of the 600,000+.

Apple has provided an update with instructions; click here. The so-called OSX/Flashback Trojan uses a flaw in Oracle’s Java. Both Apple and PC users that depend on Java should be sure they have the newest version available. PC users who use Java, click here. Macintosh users should update their software at http://support.apple.com/kb/HT1222 as soon as possible.

Special thanks to our friends at F-Secure labs for their research and Kaspersky Labs who reverse engineered Flashback and were able to verify the number of infected machines by setting up their own bot honey pot based on the Flashback code.  Read more here.

It used to be once a month someone would ask if there is a version of WinPatrol for the Mac.  Lately it’s been 2-3 times a week. I was able to secure the domains LinPatrol.com and DroidPatrol.com but MacPatrol was taken by the time I tried to register it.

Read More Info including technical details below:

Mac Flashback Trojan Affecting Thousands: Apple Issues Fix
Huffington Post

Mac Flashback Trojan: Find Out If You’re One of the 600,000 Infected
Gizmodo

Has Flashback malware made you consider installing antivirus on your Mac?
ZDNet - Adrian Kingsley-Hughes

New Mac malware epidemic exploits weaknesses in Apple ecosystem
ZDNet – Ed Bott   (Special thanks for correcting my error)


Doctor Web exposes 550 000 strong Mac botnet
Doctor Web—the Russian anti-virus vendor



4 Comments:

Blogger Corrine said...

There are a couple of simple methods for Mac users to check to see if their computer is infected with Flashback.

1) via Forbes, An Easy Way To Check Your Mac For The Flashback Malware

2) via DrWeb, Dr.Web C&C Botnet HW-UUID checker

8:45 PM  
Anonymous Apple Mac Support London said...

There are a couple of simple methods for Mac.

1:41 AM  
Blogger Unknown said...

Thanks Apple Mac Support London. It might have been more useful if you included some links to these methods like Corrine did with her links.

Bill

6:18 PM  
Anonymous GCooper said...

So tell me, my wife has a Mac, of which I know nothing. What programs (shareware I hope) should she have on it to 1. Protect it. 2. Keep it in good running order? 3. Make sure it isn't infected by malware.

3:11 PM  
