Flashback Mac Trojan Shakes Apple Rep of Invulnerability

 
 
By Jeffrey Burt  |  Posted 2012-04-09 Email Print this article Print
 
 
 
 
 
 
 

As more security experts weigh in on the malware that has infected more than 600,000 Macs, they’re also offering users ways to protect and clean their systems.

The extent of the threat to Apple Mac users from the Flashback Trojan is coming into clearer focus, with security software vendor Kaspersky Lab confirming previous reports that more than 600,000 systems have been infected, making it among the largest cases involving the Apple systems.

The Flashback situation has shaken the notion that Macs were relatively safe from security compromises, and security experts, like security software maker F-Secure, are giving users steps to take to protect their Macs from infection.

The Flashback virus first showed up last year as a classic Trojan, looking like an update to Adobe Flash that, when executed, would infect the system. Flashback returned in March as less of a Trojan and more of a drive-by threat. Rather than relying on users to download the malware onto their Macs, the Flashback exploit infects vulnerable systems when a user visits a compromised Website.

Security experts and analysts have said that the threat to Mac users is high because many of them bought into the idea that their Apple systems are essentially invulnerable to attacks, and thus many have not secured the Macs as well as they could have. Mac users have to understand that their systems are open to threats, according to Forrester analysts David Johnson.

€œOf course, the Mac is vulnerable,€ Johnson wrote in an April 6 blog post. €œEvery Internet-connected device is vulnerable.€

For Mac users, the real question is how to protect the systems. Johnson questioned whether traditional antivirus software is appropriate for Macs, noting what he called an €œabysmal€ track record for such approaches on Windows machines. Such software takes a lot of computer resources when scanning the system, and they€™re too reactive. He said that in researching management best practices for Macs, he€™s talked with a number of people running Macs in highly secure environments.

€œOne thing that has emerged from the dozens of conversations I've had with people who actually manage Macs in both large and small firms every day, is that not one of them has any illusions about the potential risks,€ Johnson wrote. €œEven so, only a few were using a traditional anti-virus solution for Macs, preferring instead to have effective patching and system backup/recovery capabilities, and user education programs.€œ

Security firms said they began seeing new variants of the Flashback malware in mid-March, and researchers with a Russian firm, Doctor Web, reported last week that through a €œsinkholing€ operation€”where they essentially were able to gain control of command and control (C&C) servers€”they were able to determine that more than 600,000 Macs worldwide had been infected, with more than half being in the United States and Canada.

That number initially drew skepticism, but in an April 6 post on Kasperky€™s SecureList blog, security expert Igor Soumenkov said Kaspersky researchers were able to confirm Doctor Web€™s numbers. Through a similar sinkholing operation, Kaspersky noted that more than 600,000 unique bots connected to a domain the company had set up, and that the Flashback malware used more than 620,000 external IP address.

Kaspersky wasn€™t able to say whether all the bots coming into its server were running Mac OS X, but that by using passive operating system fingerprinting techniques, researchers were able to get a €œrough estimation.€

€œMore than 98 percent of incoming network packers were most likely sent from Mac OS X hosts,€ Soumenkov wrote.




 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel