Apple's OS X hit by drive-by malware

April 5, 2012 // 11:57 a.m.

Tags: #anti-virus #apple #apple-mac #botnet #java #mac-os #mac-os-x #malware #os-x #trojan-horse #virus #vulnerability

The reputation held by Apple's OS X as a safe haven from viruses, spyware and other nasties is taking a knock as security researchers indicate a Java vulnerability has led to over half a million Macs being recruited into a network of compromised machines.

According to Russian anti-virus firm Dr.Web, more than 550,000 OS X-based machines - the majority from the US and Canada - formed the heart of a botnet after being infected with the 'Flashback' drive-by Trojan.

Unlike previous attacks on Apple's OS X, the infection required no user interaction beyond visiting an infected website. Using a vulnerability in Java - a vulnerability not exclusive to Apple's operating system, it must be pointed out - the ne'er-do-wells were able to take over the target system automatically.

Dr.Web's analysis of the virus concludes that the network of infected machines numbered at least 550,000, but warns that 'these only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification.' Of the infected systems discovered, 56.6 per cent were in the US with Canada sitting in second place with 19.8 per cent. The UK, meanwhile, holds 12.8 per cent of the detected infections - around 69,000 machines.

Chester Wisniewski, of anti-virus firm Sophos, claims that the number of attack reports his company has been receiving from OS X users has increased dramatically in the last few days. 'Here at [Sophos] we received a reasonable amount of criticism, as we do every time we discuss Mac threats, about over-hyping the risk and trying to scare people into installing our free protection,' Wisniewski reports of an earlier write-up on the problem, before pointing to Dr.Web's analysis of the botnet as evidence that his company is not crying wolf.

For Mac users, it's time to update: a patch released late last night by Apple upgrades the Java version to Java 6 Update 31, patching the hole used by the drive-by download script. It's taken Apple six weeks to resolve the issue, however - and as Dr.Web's figures show, that's plenty of time for the botnet to grow in size.

More critically, it gives the lie to the common claim that OS X is somehow invulnerable to attack from viruses and other malware. As Apple itself once recommended: it's time to install virus protection.
