Flashback infections of Apple's OS X prove no one is safe
- By William Jackson
- Apr 13, 2012
It has taken months to accomplish, but fixes for the most prolific malware to hit Apple’s operating system appear to be having an impact, and infection rates for Flashback are dropping, according to researchers at Symantec Corp.
The outbreak of OSX.Flashback, which began in late 2011, is a reminder that although Microsoft Windows traditionally receives the lion’s share of attention from malware writers and those searching for vulnerabilities to exploit, no operating system is completely secure. Symantec, which has been following the outbreak, said that although attacks against the Mac OS are not new, Flashback has distinguished itself by the sheer volume of its infections.
Originally spread by masquerading as a Flash update, the most recent version of Flashback exploits a Java vulnerability.
NIST's how-to on securing virtual machines
Estimates of compromises worldwide were in the 600,000 range early this month, but data from Symantec Security Response's sinkhole, which gathers traffic from infected machines attempting to contact the malicious command and control servers, indicates that as of April 11 the number of infections was below 270,000. Most of them are in North America, with the United States accounting for 47 percent.
The drop is likely due, at least in part, to the release of a Java automatic security update that removes the most common variants of the Flashback malware. The update, Java for OS X Lion 2012-003, also configures Java to disable the automatic execution of applets. Users can enable automatic execution, but if Java finds that no applets have been run for an extended period, it will default to disable execution.
Symantec and other security companies also have released tools to remove Flashback, and Apple announced that it is working with Internet service providers to disable the Flashback command and control network.
Several years ago, security professionals warned that the dominance of Windows operating systems was creating an OS monoculture that was a threat to IT security because it not only offered a target-rich environment for malware but could allow a single infection or exploit to compromise a large part of the infrastructure.
The environment has shifted significantly since then. The dominance of desktop and laptop computers is being challenged by a new generation of tablets and mobile devices, which has also introduced more variety in the OS landscape. Not only has Apple become a leader in the mobile market, enlarging the footprint of its operating systems, but a third party has joined the race in the form of Google’s Android OS.
Apple’s culture of control has helped to keep exploits for its mobile devices down, but Android is making up for this in the mobile field by attracting the attention of a growing number of malware authors.
And, as Flashback has showed, no consumer operating system is really safe if someone takes the time to target it. This can make a brand’s popularity a double-edged sword. The more people use it, the more other people are going to want to break into it.
This is not a knock against Apple. It’s a warning against a false sense of security just because you are not running a Microsoft product on your computer of choice.
William Jackson is freelance writer and the author of the CyberEye blog.