![]() ![]() ![]() At the same time, companies including Microsoft have made renewed efforts to close down botnets and capture those behind aggressive malware. But the combination of a software update from Apple, and a raid by Russian police put paid to the short-lived attack.Īlthough a number of commentators forecast at the time of MacDefender that it was the beginning of a fresh wave of attacks against the Mac OS X platform, it didn't materalise. In May 2011, Russian hackers targeted Mac OS X, which was hit by a wave of infections driven by a Trojan program called MacDefender – often spread via infected images in Google's image search. Neither Flasback's authors nor their location has become clear. That may have led malware writers to target the platform with renewed vigour. In the second half of 2011, Apple Macintosh sales passed 5% of the total PC market for the first time in more than a decade the latest figures from Gartner say that in the US, it achieved 10% of personal computer sales in the first quarter of the year. In relative terms, it is at least equivalent to the Conficker outbreak on Windows, which affected millions of PCs – though only affecting less than 1% of the total installed base. The extent of the outbreak makes the Flashback infection, which was first detected at the end of March by the Russian security firm Dr Web, by far the largest ever to hit the Mac OSX platform. Krebs says: "If you don't need Java, remove it from your system, whether you are a Mac or Windows user." ![]() Although Java is not included in Mac OS X 10.7, aka Lion, which was released last year, anyone who had upgraded their system from an earlier version of the OS would have it, as would anyone who downloaded it to run programs such as Adobe's Creative Suite.Ĭrucially, Apple maintains its own version of Java, and had left the flaw unpatched for weeks: Oracle released a fix on 17 February, which was distributed to Windows users.īrian Krebs, a security expert, comments that Apple's lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don't need to be concerned about malware attacks. The latest version using the Java exploit meant users could be infected without taking any action via their browser if Java was enabled simply by navigating to an infected site.Ī number of websites require Java to provide functionality. It could also organise infected machines into a botnet able to attack websites or, potentially, host fake websites and other unwanted content. Once installed, the malware monitors network traffic to steal passwords and login details for various sites and systems, attempts to install itself as a root program able to access all users' files, and may also download other software from control servers silently. More recent variants exploited other flaws – notably in Java. The first variants of Flashback appeared last September, masquerading as updates to Adobe's Flash player software. Mashable also offers links to a pair of scripts that will check Safari – though not other browsers – for infection.) ( The security company F-Secure has instructions so that Mac users can discover whether they are infected. ![]() Users of systems running earlier versions of Mac OS X are advised to disable Java. And that's the benefit of having a gateway product that can inspect content in real time: Data is data, regardless of what the endpoint is (Windows, OS X, iOS, Android, etc.).Update: Apple has released the removal tool, for systems running Mac OSX 10.6 and 10.7. Websense customers are protected against all known variants of the Flashback trojan, and we also have real-time coverage in place for the traffic between the malware and the command and control servers. This marks the first time that Mac users are under the same threat that Windows users have been for years it's enough to visit a website to get compromised. We recommend that all Apple users install this software update as soon as possible.įlashback itself has been around since last year, but the number of infections really increased after it was used in drive-by download attacks using CVE-2012-0507, a vulnerability in Java. The number of infected computers seems to be dropping steadily now and will continue to do so as Apple yesterday released a removal tool as part of their Software Update: We in Websense® Security Labs™ have been following the developments of the Flashback trojan for Mac that has infected over 600,000 Apple computers worldwide. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |