Hackers Hitting Macs With Virus: Industry Experts

[webfact]

Hackers hitting Macs with virus: industry experts

The computer security industry buzzed Thursday with warnings that more than a half-million Macintosh computers may have been infected with a virus targeting Apple machines.

Flashback Trojan malware tailored to slip past "Mac" defenses is a variation on viruses typically aimed at personal computers (PCs) powered by Microsoft's Windows operating systems.

The infections, spotted "in the wild" by Finland-based computer security firm F-Secure and then quantified by Russian anti-virus program vendor Dr. Web, come as hackers increasingly take aim at Apple computers.

"All the stuff the bad guys have learned for doing attacks in the PC world is now starting to transition to the Mac world," McAfee Labs director of threat intelligence Dave Marcus told AFP.

"Mac has said for a long time that they are not vulnerable to PC malware, which is true; they are vulnerable to Mac malware."

Dr. Web determined that more than 600,000 Mac computers may be infected with Flashback, which is designed to let hackers steal potentially valuable information such as passwords or financial account numbers.

Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software.

Apple has long boasted that Windows machines are more prone to hacking than Macs.

Computer security specialists contend that the reason for the disparity was that since most of the world's computers were powered by Windows, hackers focused on systems that promised the most prey.

As the popularity of Macs has soared, so has the allure of hacking Apple operating systems, according to Marcus.

"There has been a significant increase in Mac malware in the last several quarters, so what we've seen with the Flashback Trojan isn't particularly surprising," Marcus said.

"Cybercriminals will attack any operating system with valuable information, and as the popularity of Macs increase, so will attacks on the Mac platform."

Computer users, no matter their operating systems of choice, need to protect machines with tactics including up-to-date anti-virus programs and avoiding risky habits such as opening files or clicking links from unknown sources.

-- (c) Copyright AFP 2012-04-06

[Jeii3000]

Meh!

[jeffcool]

Just when I was about to go on Mac coz Im p#ssed off of those bloody viruses.....

[PingManDan]

Just when I was about to go on Mac coz Im p#ssed off of those bloody viruses.....

There are anti-virus applications for Macs, a lot of people think they are immune using a Mac from viruses, and do not use anti-virus blockers. BitDefender has a blocker for Macs as well as your PC system, just check out online.

Edited April 6, 2012 by PingManDan

[pxlgirl]

All right folks, before anyone panics, here a few less flashy facts:

Just for the record, there are practically no viruses for Macs. The mentioned malware is a trojan, not a virus. A virus is a standalone code piece that replicates and spreads itself (often) without user's notice and affects Windoze machines. A trojan is a malicious piece of code hidden in an application appearing "official". In order to do some nasty things done, it has to be installed by the users themselves. You get what you click, simple as that. So it's all up to you how far you will let it go, unless you follow a few simple rules below:

- For all platforms:

Never install software from unknown sources, use only trusted ones.

Change your passwords on a regular basis, do not use names or words that can be guessed

- For Windozers:

Run virus checks at least every 3 days.

Do not open any weird attachements, even if they have been sent by people from your contact list

Do not click on unknown links sent to you over msn, fb or other communication channels

Check for updates on your virus scanner daily

You might consider not to use (s)Explorer for certain web content

For Mac/Linux users:

Check for software/security updates daily.

Never surf on the web as admin/root

A note to Jeffcool, no need to worry, feel free to get a mac and enjoy it.

[supashot]

"Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software."

So you have to download and install yourself the virus??

Another PR stuff from AV vendors.

A virus use a vulnerability of an Operating System, which is not the case here.

Edited April 6, 2012 by supashot

[robia6]

"Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software."

So you have to download and install yourself the virus??

Another PR stuff from AV vendors.

A virus use a vulnerability of an Operating System, which is not the case here.

I'm using a Mac and earlier today downloaded & installed an Adobe Flash Player update.

It looked like a normal update and appeared through my Adobe download assistant, surely can't be a virus - can it?

[supashot]

"Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software."

So you have to download and install yourself the virus??

Another PR stuff from AV vendors.

A virus use a vulnerability of an Operating System, which is not the case here.

I'm using a Mac and earlier today downloaded & installed an Adobe Flash Player update.

It looked like a normal update and appeared through my Adobe download assistant, surely can't be a virus - can it?

look at the source of the download if coming from Adobe or not, just good sense;-)

[mrdjt]

I also downoaded a very official looking Adobe update. Then read an article that stated very cleaerl Adobe will never promote an update through a pop up window. You have to go to the official Adobe site.

I ran disinfectant and all is well.

[RaoulDuke]

Not really a big surprise. The reason that PC's have always been targeted over Macs is that PC's outnumber Macs by over 10+:1, so the virus/trojan gets a much bigger bang for the buck by targeting PC's. But as more consumers and businesses switch to Macs, especially on the popularity of the iCrap, that makes Apple a much more lucrative target. The key is that Apple keeps on top of this and issues fixes/updates quickly, as opposed to Microsoft, that really didn't seem to care about helping out their customers, probably hoping that the customer would just buy a new computer when their old one became riddled with malware/bloatware. The real area of concern for the future is smartphones/tablets, which is clearly where any smart hacker would be targeting.

[luckyman]

Just when I was about to go on Mac coz Im p#ssed off of those bloody viruses.....

I'ld say just go ahead and do so, this artilcle origins from the Marketing Divisions of several anti-virus software companies.

And Mc Afee is one of the worst of them anyway, lousy security for Windows for alot of money..

[nikster]

Just when I was about to go on Mac coz Im p#ssed off of those bloody viruses.....

I'ld say just go ahead and do so, this artilcle origins from the Marketing Divisions of several anti-virus software companies.

And Mc Afee is one of the worst of them anyway, lousy security for Windows for alot of money..

McAfee and all the others - peddlers of scare ware, at best, makers of software that slows your computer to a crawl and doesn't protect you from viruses. I agree there. Most of these programs do not protect you when push comes to shove.

There have been many articles like this before, and each and every one of them was utter BS - like you said.

However, this one's different because now for the first time there actually is a real Mac botnet and the trojan in question has multiple infection vectors - one of them a Java vulnerability in OS X that allows the trojan to install without user interaction - a drive by vulnerability. This has been fixed (run Software Update to get it). But the fact remains that somebody has put a lot of effort in this trojan, has managed to infect 600k machines, and isn't going to stop - the number of zero day exploits is nearly unlimited.

So until Apple comes up with a clever way to stop this virus/trojan, they'll keep at it, and find new holes. I think sandboxing would help in this case as with sandboxing Java simply wouldn't be able to install anything even if hijacked by a trojan, and pop up windows also wouldn't be able to install anything.

BTW I think the official Adobe updater actually does work via pop up window. Looks just like the trojan, it's brilliant...

As a practical tip, just go to www.adobe.com to update your Flash, and do it from there. That way you can be sure it's official...

[DaveBKK]

I think this headline from All Things D sums it up best: What'€™s This? A Mac Virus? No Actually It's A Weakness in Java - http://zite.to/HjZyAM

Edited April 7, 2012 by DaveBKK

[jamesbrock]

Not really a big surprise. The reason that PC's have always been targeted over Macs is that PC's outnumber Macs by over 10+:1, so the virus/trojan gets a much bigger bang for the buck by targeting PC's. But as more consumers and businesses switch to Macs, especially on the popularity of the iCrap, that makes Apple a much more lucrative target. The key is that Apple keeps on top of this and issues fixes/updates quickly, as opposed to Microsoft, that really didn't seem to care about helping out their customers, probably hoping that the customer would just buy a new computer when their old one became riddled with malware/bloatware.

There'a another factor that no one has mentioned - Apple's Walled Garden. A lot of people complain about the restrictive nature of Apple's ecosystem, but it is that ecosystem that helps Apple products remain safer and more stable that their Windows counterparts.

The real area of concern for the future is smartphones/tablets, which is clearly where any smart hacker would be targeting.

Most threats will be directed at Android devices - simply because it's easier to get malware onto one, than it is to get through Apple's Walled Garden.

http://tabtimes.com/feature/ittech-security-privacy/2011/12/13/virus-watch-8-worst-android-infections-2011

Edited April 7, 2012 by jamesbrock

[nikster]

Not really a big surprise. The reason that PC's have always been targeted over Macs is that PC's outnumber Macs by over 10+:1, so the virus/trojan gets a much bigger bang for the buck by targeting PC's. But as more consumers and businesses switch to Macs, especially on the popularity of the iCrap, that makes Apple a much more lucrative target. The key is that Apple keeps on top of this and issues fixes/updates quickly, as opposed to Microsoft, that really didn't seem to care about helping out their customers, probably hoping that the customer would just buy a new computer when their old one became riddled with malware/bloatware.

There'a another factor that no one has mentioned - Apple's Walled Garden. A lot of people complain about the restrictive nature of Apple's ecosystem, but it is that ecosystem that helps Apple products remain safer and more stable that their Windows counterparts.

The real area of concern for the future is smartphones/tablets, which is clearly where any smart hacker would be targeting.

Most threats will be directed at Android devices - simply because it's easier to get malware onto one, than it is to get through Apple's Walled Garden.

http://tabtimes.com/...infections-2011

For iOS, sure, it's locked down. No one has got through the sandboxing yet.

For Mac, Apple has no walled garden. But they're about to release a very interesting concept called Gatekeeper. The idea is that developers can get certificates from Apple - but unlike on iOS they don't have to pay a fee, they can just download a cert. Then Macs will only run apps that are signed by certificates. The key is that Apple can revoke certificates - and they reserve that for malware and viruses.

I think this will mean that Apple will have a way to stop any virus - the virus may spread a little, using zero day exploits and even holes in the browser sandbox (another feature coming down the pipe). The virus may disable anti virus measures and gatekeeper itself. But once the malware is detected, Apple revokes the certificate and it can't spread to any not-yet-infected systems.

The end result could be that writing viruses for Macs, once again, is simply not worth it. As you can infect only a few before they revoke the cert.

[ianwuk]

I'll believe it when my Mac gets infected.

[pxlgirl]

Read before posting: http://www.webopedia.com/DidYouKnow/Internet/2004/virus.asp

[Lost in LOS]

found the check on Cnn. run two scripts and it tells you if you have the virus or not. Im good

http://edition.cnn.com/2012/04/06/tech/web/mac-flashback-trojan-check/index.html?iphoneemail

[jamesbrock]

found the check on Cnn. run two scripts and it tells you if you have the virus or not. Im good

http://edition.cnn.c...tml?iphoneemail

I can picture pxlgirl hitting her head on the keyboard at reading this...

[nikster]

Read before posting: http://www.webopedia.../2004/virus.asp

Well aware of this but... I really don't care. "Virus" is just a much nicer name than "Malware". Does it really matter of you got infected by a trojan or virus?

Besides, it would be hard to say this new threat is not a virus. First of all, it can infect your system in drive by mode from a website. Secondly, it can download code that could do anything, including spreading itself via Flash drives. Or the whole botnet could be used to search for vulnerable websites to inject the trojan there. That's the thing with botnets - they can do anything they're told.

[nikster]

I'll believe it when my Mac gets infected.

Not gonna happen if you do two things:

- Update or disable Java (if you even have it - OS X Lion doesn't come with Java per default, smart move as it turns out)

- Don't update / install anything from within the web browser. If you get prompted for your admin password from your browser, something is wrong.

[jamesbrock]

I'll believe it when my Mac gets infected.

Not gonna happen if you do two things:

- Update or disable Java (if you even have it - OS X Lion doesn't come with Java per default, smart move as it turns out)

- Don't update / install anything from within the web browser. If you get prompted for your admin password from your browser, something is wrong.

The point about 'not updating from within your browser' is a good one. As you pointed out on Saturday, the official Adobe automatic updater actually does just pop up a dialogue box, regardless of what app is filling your screen, so it could actually be the official updater, but if you're looking at a browser when it does pop up, it's better to be safe than sorry.

[nikster]

Apple just posted an official note on this issue: http://support.apple...US&locale=en_US

Apple is developing software that will detect and remove the Flashback malware.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

Sounds like Apple is about to drop the hammer on this whole network...

By the way if I had to guess I'd say that the majority of infections comes from the social engineering components of the trojan - the fake Adobe Flash installer & the fake system update. Blaming it on the Java vulnerability is convenient but a little disingenuous.

Edited April 11, 2012 by nikster

[Crushdepth]

"Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software."

So you have to download and install yourself the virus??

Another PR stuff from AV vendors.

A virus use a vulnerability of an Operating System, which is not the case here.

Tricking people into downloading malware or into visiting an infected site is the number one way it is spread these days. A link in your email is all it takes. Macs are just as vulnerable to this kind of attack as anything else.

[Crushdepth]

I think this headline from All Things D sums it up best: What'€™s This? A Mac Virus? No Actually It's A Weakness in Java - http://zite.to/HjZyAM

Actually its a weakness in a *Mac* build of Java.

[4evermaat]

.....

look at the source of the download if coming from Adobe or not, just good sense;-)

"Hackers trick Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software."

So you have to download and install yourself the virus??

Another PR stuff from AV vendors.

A virus use a vulnerability of an Operating System, which is not the case here.

yes. if someone downloads something AND gives the program permission to make changes on the computer, it could cause the user problems. its very doubtful, as system files require admin password to access.

i have little snitch installed. so any program accessing the internet must seek my approval. and you cal limit this to program + specific port requested. and you can grant access once, until the program quits, or always.

unrestricted internet access is key component to a virus spreading very rapidly.

Tricking people into downloading malware or into visiting an infected site is the number one way it is spread these days. A link in your email is all it takes. Macs are just as vulnerable to this kind of attack as anything else.

the user is almost always the weakest link. after switching to xp, sp2 with an integrated firewall, i soon discontinue the private firewall/antivirus. similar to the medical community, the 'virtual doctors' make money with their spookish fear-mongering.

"2nd best time to plant a tree is today." Sent from TV android app.

Edited April 15, 2012 by 4evermaat