UPDATED 11:11 EST / APRIL 12 2012


Flashback Trojan Estimate Drops as Security Experts Flay Apple for Slow Response

I grew up with the Mac vs. PC debate in full swing, with a strange sort of sectarian dichotomy between the fans of Apple and everyone else. One of the biggest things that would be brought up, especially by the proponents of Macintosh, was the general dearth of malware and viruses that could affect Apple products—so when 2012 comes along and “Flashback” is in the news, it makes me wonder why everyone isn’t moving faster to fix it.

The first point to keep in mind is that viruses affect every platform; nothing has ever been immune, just resistant or not popular enough. The widespread customization and culture of the users involved also figure in; one final element is how much of a response the developers involved mount, and how quickly they act, when a problem comes down the pipe.

Initial estimates suggested that the Flashback Trojan had infected over 600,000 Macs by way of a new variant discovered about two months ago (an estimate that has recently fallen to about 270k). This is fairly virulent, and the new strain was cooked with a trick that enabled it to exploit a security hole in Java. The Trojan is the standard spyware snooper that insinuates itself into a machine, forms a botnet (similar to well-known types like Kelihos or ZeuS), and then steals usernames, passwords, and sensitive information, and even monitors network traffic.

Unlike most Trojans, the initial version used an exploit that allowed it to install itself without user intervention (due to the Java exploit). Now it’s still sitting on the hard drives of over 270k Macs, chattering away in a very social botnet, trading secrets to cybercriminals. The infection rate appears to have gone down since the initial infection (which must have hit sometime during the fall or winter), but the rate is still pretty high.

On the security front, many experts have taken a dim view of Apple for not stepping forward sooner. A patch to Java came out not too long after some of the initial infections, but it has taken two months more for Apple to work up a removal tool that they’re just preparing to release now.

“Someone in Apple has broken ranks following the recent revelations of a Jolly Big OS X botnet,” Paul Ducklin at security specialist Sophos wrote to The Globe and Mail. “Apple has – apparently for the very first time – talked about a security problem before it had all its threat response ducks in a row.”

Sophos, Symantec, and many other security firms and experts have long held that Apple is extremely bad when it comes to the security of their customers. In fact, the computer platform giant has seen fit to perpetuate the myth that Macs are highly resistant (or immune) to malware, which is a tremendous and dangerous falsehood. Combined with Apple’s lackadaisical approach to patching or fixing malware-related issues, this means Mac users may be on their own when it comes to self-defense, and they’d better board up the windows.

Security experts mused to The Guardian that we might be seeing the tip of an iceberg when it comes to malware coming to Macs:

Yet even with the latest infection, amounting to 1% of the estimated installed base of Macs, there aren’t so far signs of a deluge of attacks against Macs. Between MacDefender in May of 2011, and Flashback between September and the present day, the amount of Mac-targeting malware remains remarkably low; while Graham Cluley of Sophos points out in “a short history of Mac malware”, the amount targeting the platform has trebled in the past three years – but that still only amounts to a couple of new attacks per year. And one piece of software identified as “malware”, from PremierOpinion, is arguably no such thing, but a user-sanctioned tracking system for web use.

In the meantime, we’re still waiting for Apple to develop and complete their removal tool.

If you are concerned that your machine is infected, F-Secure has a series of articles on how you can discover an infection and even tips on how to avoid one.

