
The Macintosh Webmaster Forum

"Flashback" is causing problems again
travelin cat

 2:45 pm on Apr 5, 2012 (gmt 0)

The company, Dr. Web, issued a report on Wednesday that claimed 550,000 computers running Mac OSX were subject to Flashback. Later, Sorokin Ivan, an analyst at Dr. Web, sent a tweet upgrading the figure to 600,000 and added that 274 were based in Cupertino, Calif., Apple’s hometown. Fifty-seven percent of all Macs affected are in the U.S., while another 20% are based in Canada, according to the company.

Apple issued a patch earlier this week. Use "Software Update" under the Apple menu to get it.

Full story: [mashable.com...]


Andy Langton

 3:05 pm on Apr 5, 2012 (gmt 0)

Just by way of clarification for the initiated like me (I didn't know what it was until I read the source article) Flashback is a Mac-based trojan that steals usernames and passwords.

I imagine the trend of malware writers will follow that of the market and we'll see more and more of this sort of stuff across the various popular OS/device combinations out there.


 3:53 pm on Apr 5, 2012 (gmt 0)

Here's more: [f-secure.com], with details on determining if you're affected.

travelin cat

 4:14 pm on Apr 5, 2012 (gmt 0)

bunltd, thanks for that. I would add that anyone unfamiliar with Terminal should probably not want to take this on, as you can really mess up your Mac if you do not know what you are doing. That site does include this warning:
Caution: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance.


 5:44 am on Apr 6, 2012 (gmt 0)

Looks like Apple's years of being so-called secure just because it had lesser market penetration making it less of a target is over.

Of course it really doesn't matter how secure anything is when people are so stupid they'll install any old thing that requests installation without properly examining the URLs before accepting the install.

There's so much that browsers and the OS could do with online validation prior to installing any software that the OS and computer vendors should really be embarrassed at this point. For instance, simply putting all programs in something like the App Store, which requires virus checking before distribution.

Not sure the sheeple would even notice if it didn't load from an App Store even, but tighter regulated, validated and controlled distribution to the masses is the only solution to these problems, as leaving it in the hands of individuals to keep a clean computer or the OS vendors to make a secure OS really hasn't worked so well so far.


 3:17 pm on Apr 6, 2012 (gmt 0)

I don't think the walled garden approach is the way forward. I think what should be done is to adopt a whitelist, or preferably a blacklist for apps that are potentially a threat. This is something that could be done by a non profit and made available to all platforms. On install you will be warned of the dangers before going through with the install.

This could be integrated as a web service within Windows installer for example. When installing anything it queries a database.



 5:13 pm on Apr 6, 2012 (gmt 0)

@mack - Flash is already more or less whitelisted, that has obviously failed. Without the walled garden the masses don't know if what they're getting is from a reliable source or not, which is how this mass infection happened in the first place. Besides, I can't speak for Apple products, but Windows warns people about installing stuff and that doesn't work either because people get numb and complacent and simply click OK for everything.


 5:51 pm on Apr 6, 2012 (gmt 0)

My prediction: malware infected apps for Android phones will outpace both PC and MAC attacks.


 8:10 pm on Apr 7, 2012 (gmt 0)

...people get numb and complacent and simply click OK for everything.

That's particularly true for Mac users as they're not used to having to deal with this. As you said Bill, the only reason Macs haven't been targeted is market share, not because the Apple OS is locked down better than Windows. Because Mac users aren't accustomed to having to practice common sense about clicking on links and visiting rogue sites, it's probably going to hit the Mac community harder. From an article in ComputerWorld [computerworld.com]:

The Mac OS X system itself is not less secure or prone to infection than Windows per se, but the Mac culture is conditioned to believe the OS is virtually invulnerable. Fewer users have any security software installed to protect their Mac OS X systems, and Mac OS X users are more likely to click links and open files without thinking twice.

That Apple was locked down better than Windows was a myth perpetuated by Apple and believed by their loyal customers. The article states that the fault isn't in the Apple OS but in third party apps. Yet it does fault Apple for their response.

It doesn't help anything that Apple perpetuates the myth of invulnerability. It takes time to develop a patch, but as soon as Apple was aware that the threat existed, it should have proactively communicated to Mac OS X users to make them aware. In fact, it should have provided users with instructions to disable Java and mitigate the threat pending a patch to resolve the issue. The fact that it didn't is probably a contributing factor to why the Flashback botnet is as large as it is... Apple needs to be more proactive, and more honest with users about security concerns if it wants to contain future threats and prevent massive outbreaks such as this.

Apple is said to be a nimble company so it wouldn't surprise me if moving forward they're going to develop a better set of protocols for dealing with future crises. The next time will be Apple's chance to show Windows how it's done. And if not then Apple will begin to look a lot less shiny.

The perpetuation of the myth persists, like from this writer at AllThingsD [allthingsd.com]:

...I never said Macs will never get viruses or other Malware. But historically its record versus other platforms compares favorably... Historically, Mac OS X has been substantially less vulnerable to this sort of thing than Windows.

That's self-deception. It's irrational to admit that the system is not invulnerable while in the same breath affirming that it is less vulnerable than Windows. The reality is that Apple had been targeted less and that's not much security. Apple is out in the real world now and it's going to have to grow up.

travelin cat

 8:05 pm on Apr 11, 2012 (gmt 0)

Here's a tool to help you detect if you have the Flashback trojan. This does not remove Flashback, it just lets you know if your Mac has been infected.



 3:53 pm on Apr 12, 2012 (gmt 0)

That detection tool won't run on OSX 10.4 PPC (Tiger)

But simply deactivating Java in Safari (my default setting) prevents infection anyway.


 2:04 pm on Apr 13, 2012 (gmt 0)

Apple has a Java security update.

Java security update removes the most common variants of the Flashback malware [support.apple.com]
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets.

travelin cat

 4:48 pm on Apr 13, 2012 (gmt 0)

If you did not get the automatic message to update your Mac today, go under the Apple menu, choose "Software Update" and install the update ASAP.

Here's the message from Apple on the update:
This Java security update removes the most common variants of the Flashback malware. If you do not use Java applets, it is recommended that you disable the Java web plug-in in your web browser.

This update is recommended for all Mac users with Java installed.

For more information on how to disable Java in your web browser see: [support.apple.com...]

For details about this update see: [support.apple.com...]

FYI, a restart is not required.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved