by Andy Patrizio
Mac owners have long enjoyed a safe operating environment, not so much because the operating system was secure as because malware writers ignored the platform. They went where the mass market is, the Windows platform, to infect the maximum number of machines.
Well, the soaring popularity of the Mac as a platform is making the bad guys take a second look, and they are finding some security holes to exploit. A botnet called the Flashback botnet is targeting Mac computers that run an unpatched version of Java.
The security flaw is somewhat old, according to Liam O’Murchu, manager of operations at Symantec Security Response. Older versions of the malware pretended to be a software upgrade and popped up a window for the user, but this new variant does so invisibly. It uses a “drive-by” method of infecting a computer, so all one has to do is visit a Web site with the malicious payload to be infected.
Symantec has disassembled the code and said it’s an information stealer, and not particularly sophisticated. “That’s the type of code we see delivered on Windows all the time. I wouldn’t say the threat is terribly advanced or innovative, but the fact it’s using exploits to get onto Mac makes it novel,” said O’Murchu.
Apple is on top of the problem and has documented and outlined the vulnerability already. It said the vulnerability can be found in Java 1.6.0_29 and users should upgrade to 1.6.0_31, the latest version, immediately.
But the Trojan has already infected more than 600,000 Macs worldwide, according to Russian antivirus firm Dr. Web, which first found the Flashback Trojan. Fifty-seven percent of infected machines are located in the US and 20 percent are in Canada. O’Murchu said he has not seen a similar version of this Trojan for Windows PCs.
All in all, Apple did a decent job of responding quickly, says Roger Kay, president of Endpoint Technologies. That is a skill it needs to hone, since tackling malware hasn’t exactly been a pressing issue for Apple. Microsoft, on the other hand, has Patch Tuesday and its own antimalware software, and publishes a massive security report twice per year.
“All of that adds up to a mature ecosystem. You can say it’s a drag you even need such a thing, but the fact of the matter is you do, and [Microsoft] have one and it more or less works. Apple has tended to ignore that and act ostrich-like about the security problem, so it’s not too surprising they should get snuck up from behind,” said Kay.
And Mac users have to disabuse themselves of the notion that they are safe and don’t need anti-malware software. “I think this threat shows you no matter what OS you are using, no OS is immune to threats like this,” said O’Murchu.