To be honest though, apple’s portrayal of being impervious to malware is far more appalling (to me) than their security track record, which is still respectable in context. However in order to not be hypocrites, apple would have to admit that mac users are in fact affected by malware. We can recognize that the windows experience can be worse for end-users regardless of who is responsible for vulnerabilities. Note though that apple was always eager in it’s advertising to group together all malware under the “windows” umbrella regardless of whether microsoft windows was at fault or not. You are correct, and some of the vulnerabilities against macs do seem to be third party related. “But this particular case is because of Java, which is a security crapfest in itself, even more so since Apple rolls their own.” However, I’m risking the “You’re anti-Apple!!1!!!”-crap because it’s looking more and more like this is an actual serious issue. Now, we’re looking at data from security firms, so I’m still a little bit sceptical. So, especially if you belong in either of those groups, it might not hurt to give your machine a check-up. Since Apple does not ship Java by default any more, I’m guessing these are mostly older machines and machines that haven’t been updated to the latest release (and Minecraft players). If you’re afraid you might be one of those ~600000, Ars has a detailed guide on how to check your machine, and if necessary, how to remove it. Get this patch and install it, because if the investigations are correct, Mac users are actually running a risk this time. The trojan uses a security hole in Java, which Oracle patched in February 2012 Apple didn’t send out a patch until a few days ago. In fact, according to the earlier investigation, 274 unique IP addresses came from… Cupertino. More than 50% of the bots connected from the United States.” They used a total of 620000+ external IP addresses. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots,” Kaspersky’s Igor Soumenkov writes, “Our logs indicate that a total of 600000+ unique bots connected to our server in less than 24 hours. After domain registration, we were able to log requests from the bots. “We reverse engineered the first domain generation algorithm and used the current date,, to generate and register a domain name, ‘’. Kaspersky Labs (yup, another antivirus company) confirmed the figures in their own independent investigation into the matter. We now have a second source corroborating the figures. Antivirus companies tend to be pretty sleazy, and they like nothing more than making a threat look bigger than it really is because, hey, what do you know, their antivirus product stops this particular super-dangerous cat-killing virustrojanmalwarething. Just a single antivirus company making such claims is not something that piques my interest. Some perspective: relatively speaking, this botnet is similar in size to Conficker (both infecting about 1% of the installed base). Earlier this week, a Russian antivirus company (little red flag going up) claimed over half a million Macs were infected by the Trojan, creating a pretty sizeable botnet. There’s a trojan called Flashback rummaging around the web, which can infect a Mac without the need for a root password. Not a bad track record for an eleven year old operating system, by the way. Now, however, it would appear we’re looking at the first successful widespread malware infection on Mac OS X. So far, the security issues on the Mac can barely be labelled as such, and really don’t deserve a lot of attention. We don’t normally report on security issues, especially not when they occur on Mac OS X.
0 Comments
Leave a Reply. |