Apple Mac Trojan:
A Russian antivirus vendor has alerted the Mac community that Apple Macs are far from immune to security issues: Dr.Web claims that more than 550,000 computers are now infected with a Trojan horse that Apple finally patched last week.
*Note: the advice is to update your OS now.
The Trojan, which goes by the name “BackDoor.Flashback.39 trojan,” is easily installed onto unsuspecting Macs.
The article on Dr.Web goes on to state:
Mainly North American Mac PCs affected:
It would appear that close to 80% of the affected computers are in North America, with the U.S. at 56% and Canada at 20%, and the UK coming in at around 13%. Most other countries, such as Japan and Australia as well as the rest of Europe, are suspected to have infection rates below 1%.
How this Trojan works:
With most affected websites coming under the .nu domain (that famous island of “Niue”, of course), and with URLs spanning many niches and interests but often related to movies and TV streaming services, there is a chance that you could be among the victims.
The Trojan works by saving an executable file (an application, I assume, rather than a notorious .exe file, which would not work on a Mac) onto the hard drive of the affected Mac; this is used to download a nasty payload from a remote server, which then launches the application.
But, I hear you say, Macs are much safer than Windows PCs, as they have a barrier of protection via a password layer that needs to be input prior to any new software being installed.
Well, passwords are great, but if you are unsuspecting then you are likely to simply input this, especially now that so many believe that Apple devices are somehow impenetrable to Trojans and suchlike.
Here is an explanation as to how the password issue is addressed with this Trojan:
“Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.”
I am slightly unclear as to what the different outcomes are but that is all I could find on the password issue.
How do we know the figures of infection?
Using sinkhole technology, Dr.Web managed to redirect the botnet traffic to their own servers to count affected Macs, and this is what they discovered:
Work out if you’re infected:
F-Secure have released a set of instructions, to be run in “Terminal”, that should help Mac owners find out if they have been compromised by this Trojan and hopefully remove it.
Infection rate put in doubt:
IT security consultant Adrian Sanabria has stated on his blog that he is not convinced by the data that Dr.Web have put forward:
“So far, I haven’t seen any other reports numbering the victims of Flashback, but if accurate, such a large infection rate on Macs may change common perception of OS X as ‘virus-proof’ and could result in a spike in Mac antivirus software sales.”
Motivation of commercialism could be telling?
Mr Sanabria went on to say:
“However, given that the company reporting these numbers is in the business of selling antivirus software, I think we need to see their claims corroborated before we get too excited,”
As far as I am concerned, whatever the true figures are, I can see that Macs will come under more scrutiny from hackers and malware creators for the simple fact that Macs are growing in popularity and owners are a bit slack on security due to a perceived invincibility to this kind of attack.
As this case highlights, all it takes is someone to offer you a crappy TV streaming service that requires an application to be installed, or suchlike, and many Mac owners will simply go ahead and forget that they could be installing something more nasty, as in this case it seems.
What do you think of the Mac Trojan issue? Do you still feel that Macs are more secure, or is this a time bomb ticking away with more nasty surprises on the horizon?
Anthony Munns