CYBEREYE

Flashback infections of Apple's OS X prove no one is safe

It has taken months to accomplish, but fixes for the most prolific malware to hit Apple’s operating system appear to be having an impact, and infection rates for Flashback are dropping, according to researchers at Symantec Corp.

The outbreak of OSX.Flashback, which began in late 2011, is a reminder that although Microsoft Windows traditionally receives the lion’s share of attention from malware writers and those searching for vulnerabilities to exploit, no operating system is completely secure. Symantec, which has been following the outbreak, said that although attacks against the Mac OS are not new, Flashback has distinguished itself by the sheer volume of its infections.

Originally spread by masquerading as a Flash update, the most recent version of Flashback exploits a Java vulnerability.




Estimates of compromises worldwide were in the 600,000 range early this month, but data from Symantec Security Response's sinkhole, which gathers traffic from infected machines attempting to contact the malicious command and control servers, indicates that as of April 11 the number of infections was below 270,000. Most of them are in North America, with the United States accounting for 47 percent.

The drop is likely due, at least in part, to the release of a Java automatic security update that removes the most common variants of the Flashback malware. The update, Java for OS X Lion 2012-003, also configures Java to disable the automatic execution of applets. Users can enable automatic execution, but if Java finds that no applets have been run for an extended period, it will revert to disabling execution.

Symantec and other security companies also have released tools to remove Flashback, and Apple announced that it is working with Internet service providers to disable the Flashback command and control network.

Several years ago, security professionals warned that the dominance of Windows operating systems was creating an OS monoculture that was a threat to IT security because it not only offered a target-rich environment for malware but could allow a single infection or exploit to compromise a large part of the infrastructure.

The environment has shifted significantly since then. The dominance of desktop and laptop computers is being challenged by a new generation of tablets and mobile devices, which has also introduced more variety in the OS landscape. Not only has Apple become a leader in the mobile market, enlarging the footprint of its operating systems, but a third party has joined the race in the form of Google’s Android OS.

Apple’s culture of control has helped to keep exploits for its mobile devices down, but Android is making up for this in the mobile field by attracting the attention of a growing number of malware authors.

And, as Flashback has shown, no consumer operating system is really safe if someone takes the time to target it. This can make a brand’s popularity a double-edged sword. The more people use it, the more other people are going to want to break into it.

This is not a knock against Apple. It’s a warning against a false sense of security just because you are not running a Microsoft product on your computer of choice.

 

Reader Comments

Wed, Apr 18, 2012 Check

I totally agree with KingMe. Those of us who use computers for a living have ALWAYS known that no OS is immune to attacks and have practiced safe computing. I have, as yet, not gotten any attacks on my Mac but even with safe practices have still managed to get them on my PC. Linux, none either.

Tue, Apr 17, 2012 KingMel

I am not attempting to downplay the Flashback trojan problem for Macs. But the title "Flashback infections of Apple's OS X" is somewhat misleading since the vector is Java. Microsoft Word is the vector for a different piece of malware currently threatening Macs. The key to both of these attacks is that third party software provides the vulnerability. I have been running Mac OS X (now just OS X) for many years on multiple Macs. I practice safe computing and have so far successfully avoided malware infections (with the possible exceptions of Adobe Reader, Flash and Silverlight software, all of which are sketchy pieces of code in my opinion).
