Skip to comments.Half a million Mac computers 'infected with malware'
Posted on 04/05/2012 8:45:23 AM PDT by null and void
An investigation by Dr Web suggests that about 600,000 Macs have the malware - potentially allowing them to be hijacked and used as a "botnet".
It says that more than half that number are in the US.
Flashback was first detected last September when anti-virus researchers flagged software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer's security software.
"By introducing the code criminals are potentially able to control the machine," the firm's chief executive Boris Sharov told the BBC.
"We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals' hands. However, we know people create viruses to get money.
"The largest amounts of bots - based on the IP addresses we identified - are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people."
Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California - home to Apple's headquarters.
Apple released its own "security update" on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer's system preferences panel.
The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.
Although Apple's system software limits the actions its computers can take without requesting their users' permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.
"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," said Timur Tsoriev, an analyst at Kaspersky Lab.
Apple could not provide a statement at this time.
(Excerpt) Read more at bbc.co.uk ...
Better warm up the popcorn popper. This ought to be interesting.
Now I seem to recall at least a half dozen people telling me that Macs are superior to PCs in part because Macs don’t get viruses. Then I would tell them that it only appears so because most computers are PCs and hence most, but not all, malware is targeted at PCs.
Downloading security update now.
How can you tell? I am a MAC user and keep my software updates checked daily..what was your experience?
MACS were safer because Windows dominated and relatively few miscreants in Pakistan or the Ukraine wasted their time writing malware for them.
Recent technological developments have changed this.
Hi CG, long time no see.
No overt symptoms, did recently download Flash player updates, and machine hasn’t quite felt right lately.
Just installed the latest Apple updates, seems a bit better...
bump - thanks.
How is that possible? MACs aren’t like Windows machines in that if you’re not careful, you’re logging in under the admin account.
Last time I messed with a MAC, I seem to remember that you get a pop up asking you to put in the admin password if you’re doing any task that require rights. Now if you got the dialog box and entered the admin password during normal operations, you blew it. No amount of security in the world will help any user who blindingly inputs their admin pw.
Laughing my tookis off at the fools.....
Yeah people get that popup and provide their password without bothering to find out what they’re allowing. The biggest security hole is always the people, that’s why trojans are the most successful form of malware, the hole a virus uses will eventually get patched, there is no patch for the click happy human hole.
Looks like it finally caught up to the Macs...as I knew it would.
MACs aren’t like Windows machines in that if you’re not careful, you’re logging in under the admin account.How does that work? I have absolutely never accidentally logged in as admin under Windows.
Yep. Even the best of us will occasionally get stupid.
After I ran :
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
That normal ?
On some level they still probably agreed to something. Most of the malware in the PC world comes with browser toolbars.
If the error doesn’t return you should follow the instructions here:
If the error doesnt return you should follow the instructions here:
According to your link:
On execution, the malware checks if the following path exists in the system:
- /Library/Little Snitch
- /Applications/VirusBarrier X6.app
- /Applications/Packet Peeper.app
If any of these are found, the malware will skip the rest of its routine and proceed to delete itself.
So, it would appear the malware regards the letter X in Xcode the way the devil regards crossed forearms? That's good to know, LOL!
They still are once again you have to allow this to download and install on your computer.If I see something pop up I never let t install and will go directly to the site to see f there are updates.
Not Possible! Swordmaker and the macbots have told me that only windows gets stuff like this.
Where as I have always asserted once Macs become more popular (which they now have) they will have more attacks.
I wonder who was right?
From the Article:
“Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission. “
From the article:
“Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.
Apple released its own “security update” on Wednesday - more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.”
So if Apple allowed java to be updated by Oracle then this wouldn’t have been as widespread of an issue. Very interesting.
I wonder why Apple took so long to patch this vulnerability? Maybe they should stick to making hardware and leave the software to the pros.
Thanks for the ping.
Shadow Ace...this is definitely worthy of the tech ping.
Number of Macs infected came from an AV company--take that for what it's worth.
Um. You’re “laughing your tookis off” because Windows has lost market share? OK.
Please, keep using your Windows machine. That way, I’ll have the competitive advantage.
A *RUSSIAN* AV company.
You Mac owners lied!
It sounds like you got it.
After following the instructions, ‘ libgmalloc.dylib ‘ is now gone.
No unusual activity on any C.C., no account hijackings, no PW changes,etc.
While this is part of the reason, you are ignoring a fundamental difference in the approach to security and design. Windows uses a completely different and frankly weaker security model/design, especially in older versions of their OS than UNIX (which OSX is based upon).
Any computer can be hacked, but when you have a security model that is more flawed on computer a than computer b, computer A is going to get hacked more.
No computer is hack proof, it its on the internet its at risk, period.
Apple controlling the updates is part of their overall security, and part of why they tend to have less issues. The model has its pluses and minuses.
The plus, only updates they send are going to get pushed to computers, meaning someone can’t hijack or spoof say an update looking like its an oracle update from oracle and compromise your box.. the update must come from apple. The down side, is as you pointed out, updates can take longer to be distributed because Apple must review and push them.
Security is a balance between usability and safety. The safer you want your computer to be, the less usable its going to be in practical application.
Opening up updates to be done from anywhere, does open Windows up to a more likely possibility of a phone update being pushed and infecting computers than a centralized distribution policy such as Apple has. However it also means updates don’t happen as quickly because the developers can’t push them directly.
I’ve had flame wars against Apple since the days of the Apple II, my Commodore 8 bits ran rings around them in every measurable way back in the day, and honestly I’ve traditionally not been a huge fan of theirs...though I can see why some folks enjoy them. From a user experience side, they have traditionally been miles ahead of MS. As a tech geek, they frustrate the heck out of me. However as a tech geek I’m really not their target market, their target market is people who are not technically savvy, and don’t want to be but want to use technology elegantly and simply... and on that front, Apple has done a supurb job, and does to this day.
Yes, that comes with pricetags I don’t care for, ungodly overpriced hardware, a development language that is rediculously and needlessly obtuse, and UI weaknesses that they need to concede they are wrong about.. IE only the bottom right corner can be used to resize a window... Its time to accept and update that one guys and let users drag any part of a window to resize it.
Apple focus these days is on USER EXPERIENCE, and give them credit where it is due, they own it. But like their security push model, it too comes with a price, want to publish for iPhone etc better meet their guidelines and pass their review before it will get out to the world. No such restrictions on other platforms, but this oversight while annoying from a pure hacker perspective, does lead to a ubiquitous experience to the user, regardless of who develops the app etc. All you have to do is go look at Android Apps and you’ll instantly see what I am talking about. Thousand upon thousands of crappy apps, they may do their jobs, but the user experience and interfaces are kludgy and inconsistent.
However getting back to security, Apples model for security is a generally safter design than Windows, especially on older version of the OS. Is it perfect? Nope, no such thing exists.
Not at all...I couldn’t care less....to me they are just tools. What I’m laughing at are all the Mac people trying to convince everyone else about how secure their systems are....when the security professionals know that NOT to be the case...now the chickens are coming home....to roost. LOL..... How secure do you feel NOW? If you were a smart Mac owner, you would start taking the steps to become a smart Mac user. (you in the general sense, not you in particular).
Do you work in a standard account or admin account?
Windows uses a completely different and frankly weaker security model/design, especially in older versions of their OS than UNIX (which OSX is based upon).These older versions you speak of were the Windows 3.1 / 9x / ME line. They do not exist anymore, and for over ten years now. They had no security at all, kindof like Mac OS 9… When we say “Windows” today, what we mean is the OS that derives from Windows NT, a completely different beast. There is nothing in its security model or design that makes it any less secure than Unix. If anything, it is more secure.
Not especially. More of the same old.
"OS X does not come with Java installed by default, and the latest versions of Java should be patched properly so anyone with new or properly updated systems should be safe from these threats........."
To summarize, the malware has overall adopted two modes of infection. The first is where it requires administrative privileges......The second .... is done to the user's account... does not require admin privileges to complete;however, it does ultimately result in a more obvious infection that will destabilize the system and lead to crashes."
Don't be silly.
That's a PC plebeian problem!
So there is no excuse for any responsible Apple user to have this "virus" still on their system.
Why is people want to keep comparing Apples latest and greatest to products Microsoft made 15 years ago? I guess it’s the only way they can compete.
The update came out yesterday, I installed it this morning...
I think you missed the part of the article that said Apple took over 8 weeks to release the patch to fix this issue. Where as Oracle had it out in February...apple not until April.
I don’t care what kind of auto-updates you have set...if the patch isn’t available it can’t be fixed.
Evidently for a Mac to be secure you need to run windows 7 on it and use that to browse the Internet.
Clearly OSX can’t handle it—they took 8 weeks to release an update for a known exploit that was already fixed by Oracle.
Admin. Use Safari and Opera