bit-tech.net

Apple's OS X hit by drive-by malware

Apple's OS X has proven vulnerable to viruses after all, as researchers discover a 550,000-strong botnet.

The reputation held by Apple's OS X as a safe haven from viruses, spyware and other nasties is taking a knock as security researchers indicate a Java vulnerability has led to over half a million Macs being recruited into a network of compromised machines.

According to Russian anti-virus firm Dr.Web, more than 550,000 OS X-based machines - the majority from the US and Canada - formed the heart of a botnet after being infected with the 'Flashback' drive-by Trojan.

Unlike previous attacks on Apple's OS X, the infection required no user interaction beyond visiting an infected website. Using a vulnerability in Java - a vulnerability not exclusive to Apple's operating system, it must be pointed out - the ne'er-do-wells were able to take over the target system automatically.

Dr.Web's analysis of the virus concludes that the network of infected machines numbered at least 550,000, but warns that 'these only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification.' Of the infected systems discovered, 56.6 per cent were in the US with Canada sitting in second place with 19.8 per cent. The UK, meanwhile, holds 12.8 per cent of the detected infections - around 69,000 machines.

Chester Wisniewski, of anti-virus firm Sophos, claims that the number of attack reports his company has been receiving from OS X users has increased dramatically in the last few days. 'Here at [Sophos] we received a reasonable amount of criticism, as we do every time we discuss Mac threats, about over-hyping the risk and trying to scare people into installing our free protection,' Wisniewski reports of an earlier write-up on the problem, before pointing to Dr.Web's analysis of the botnet as evidence that his company is not crying wolf.

For Mac users, it's time to update: a patch released late last night by Apple upgrades the Java version to Java 6 Update 31, patching the hole used by the drive-by download script. It's taken Apple six weeks to resolve the issue, however - and as Dr.Web's figures show, that's plenty of time for the botnet to grow in size.

More critically, it gives the lie to the common claim that OS X is somehow invulnerable to attack from viruses and other malware. As Apple itself once recommended: it's time to install virus protection.

21 Comments

Picky88 5th April 2012, 12:46 Quote
Apple, start telling people they need antivirus on their Macs. Because it's true. And your users won't listen to anyone else!

Also now I am a mac owner I can't get herpes, right?
V3ctor 5th April 2012, 12:53 Quote
Everything can get viruses... I don't know how people believe in the "I don't need no AV because I own a Mac"...

Everything is hackable, and can be infected...
Dwarfer 5th April 2012, 16:57 Quote
The only reason Apple products haven't in the past had viruses (or as much) is people don't write code but as more & more are buying Macs we will see more viruses hit this market. So Apple users beware lol
yougotkicked 5th April 2012, 20:07 Quote
hmm, irony. mac users are unknowingly part of a massive network of drones.
leslie 5th April 2012, 21:47 Quote
This isn't the first time Macs have been hit, but they like to hide their head in the sand saying there is no virus. Call it a trojan, call it adware, or even Barney the dinosaur, it's malware, the lines blurred years ago and burying your head in the sand isn't an excuse. If you are on the internet, put on your big boy pants and deal with it.

I know PC techs who think they are safe too: "I'm careful and I would know". The days where every infection brought the system to its knees have long passed.
loftie 5th April 2012, 21:55 Quote
Lol, I still remember the dear Apple rep that promised me that macs are totally secure from viruses as they were 64bit. Maybe apple themselves actually believe they are immune......
Quote:
hmm, irony. mac users are unknowingly part of a massive network of drones.

I laughed =)
brave758 6th April 2012, 01:07 Quote
lol
shadysam 6th April 2012, 08:03 Quote
Too bad for people who believe that their Macs are unbreakable XD
Boscoe 6th April 2012, 08:47 Quote
Just out of interest I own both and have no protection on either except spy it search and destroy on the pc. I scan every week and nothing is detected, I don't go on any dodgy sites only professional well known ones how would I get any malware anyway?
leslie 6th April 2012, 10:26 Quote
Quote:
Originally Posted by Boscoe
Just out of interest I own both and have no protection on either except spy it search and destroy on the pc. I scan every week and nothing is detected, I don't go on any dodgy sites only professional well known ones how would I get any malware anyway?
I hope that is Spybot Search & Destroy, emphasis on the & symbol, since there are several trojan infected programs with almost the exact same name.

As for it being used as protection, its heyday has passed and no one thing does everything. You really might want to run a scan with Malware Bytes or Super-Antispyware.

There was a week last year where Google, Yahoo, Myspace and Facebook were all handing out trojans. Considering how many ads are handled by Google, how well can you hide?
XXAOSICXX 6th April 2012, 10:49 Quote
Quote:
Originally Posted by yougotkicked
hmm, irony. mac users are unknowingly part of a massive network of drones.

I LOL'd IRL.
Nexxo 6th April 2012, 11:34 Quote
Can anybody pronounce Schadenfreude? :p
Valinor 6th April 2012, 11:36 Quote
I heard that Oracle patched this back in February, but Apple have only just approved it for use on macs.
loftie 6th April 2012, 11:43 Quote
Quote:
Originally Posted by Boscoe
Just out of interest I own both and have no protection on either except spy it search and destroy on the pc. I scan every week and nothing is detected, I don't go on any dodgy sites only professional well known ones how would I get any malware anyway?

Microsoft Security Essentials. Get it, it's free, you have no excuse.
leexgx 6th April 2012, 12:31 Quote
Quote:
Originally Posted by leslie
This isn't the first time Macs have been hit, but they like to hide their head in the sand saying there is no virus. .

where did my post go ??? (((ok what's up with the site when i press Post it takes me to the forums)))

this is the first one that only requires you to see the web site for the botnet install to happen (like when you're on a windows pc and are using IE8/9 and you get one of them auto loading viruses that require no user action to get it on your pc), other malware has been to trick you into clicking the install button and then the OSX keychain's password to allow it to be installed (same as windows most of the time)

having an antivirus is no longer enough any more as each malware or virus or whatever is a different file every time so most antivirus are only 10-20% effective now (Use Chrome with Click to Play enabled as that stops all plugins)
Necrow 6th April 2012, 15:02 Quote
Mac's Never Get Virus <MythBusted>
leslie 6th April 2012, 22:32 Quote
Quote:
Originally Posted by leexgx

this is the first one that only requires you to see the web site for the botnet install to happen (like when you're on a windows pc and are using IE8/9 and you get one of them auto loading viruses that require no user action to get it on your pc), other malware has been to trick you into clicking the install button and then the OSX keychain's password to allow it to be installed (same as windows most of the time)

No,
Last year Macs were hit by those fake anti-virus programs that have been hitting Windows for years, the first required user action and caused an uproar. They no sooner patched it, and a new version came out requiring nothing. While it didn't get into the system nearly as deep, it did get in. It passed into history quietly.
Quote:
Originally Posted by Necrow
Mac's Never Get Virus <MythBusted>
But it's not a "true" virus!!!
Come the cries of thousands of Mac fans.
bagman 6th April 2012, 22:37 Quote
:)
FeRaL 7th April 2012, 04:13 Quote
Quote:
Originally Posted by yougotkicked
hmm, irony. mac users are unknowingly part of a massive network of drones.

I needed this laugh...
thil 7th April 2012, 18:40 Quote
Quote:
Originally Posted by V3ctor
Everything can get viruses... I don't know how people believe in the "I don't need no AV because I own a Mac"...

Everything is hackable, and can be infected...

What next? "Oh, I drive a Volkswagen; I never have to worry about it breaking down..."

I know. Plenty of people still believe this, and all Apple's supposed invincibility was just security through malware writers deeming Mac not worth bothering about. I still run into people like that...these are the same people that think simply having a PC connected to an internet connection will result in fifty different viruses embedding themselves on your computer.
Mankz 8th April 2012, 14:23 Quote
Quote:
Originally Posted by yougotkicked
hmm, irony. mac users are unknowingly part of a massive network of drones.

:)