Flashback trojan reportedly controls half a million Macs and counting (arstechnica.com)
179 points by iProject on Apr 4, 2012 | 117 comments



As someone who used to sell Mac computers, I used to get asked the question "Is it true Macs never get viruses?", to which I replied "No, that's not true." (It was just an Apple reseller store after all, so I was never compelled to bend the facts.) I'd try to explain the caveats a bit: a smaller market share and the Unix-based operating system requiring more permissions, yada yada, being "prohibitive" to an attack but still vulnerable. Still, for 3 years that question came up a few times a week, even as Apple started taking off (2006-2009 ish) and grabbing more and more of the market.

I guess it was just amazing to me how disinformation like that flows so freely. It probably started out with the caveats but eventually got boiled down to "Macs never get viruses". And what computer company is going to publicly correct that statement?


Yes, it is correct that Macs can get viruses. Where people get upset is when you generalize this to say that because >1 virus exists, OSX presents no significant advantage over Windows.

Viruses are not a fact of life for Mac users. Talk to anyone who uses or services Macs; you'll be hard-pressed to find anyone who's even seen an OSX virus. Whereas for Windows power-users, cleaning viruses for friends/parents is practically a rite of passage.

OSX is still dramatically safer in terms of your actual risk of a random remote attack. Whether this is economics or superior engineering, or how Windows and OSX stand up to deliberate attackers, I will not pretend to know.


> Viruses are not a fact of life for Mac users.

Neither are trojans, and that is exactly why this trojan has manifested so successfully. Windows users are mostly hardened to the basic threats of the internet (don't open a random exe etc), and are cognizant of the reality that malicious software does target them. Non-technical Mac users have been lulled into a false sense of security that will eventually make them a more vulnerable target than a Windows user (as Win7 and OSX pretty much stand shoulder to shoulder in terms of security).

> OSX is still dramatically safer in terms of your actual risk of a random remote attack.

What is your evidence for this?


I've done ~15 Windows reinstalls in the last few years, and every single one of them was malware masquerading as anti-virus software. OSX's reputation may make Mac users feel invincible, but Windows users' knowledge of their vulnerability opens them to pretty effective scare tactics.

In fact, it hit my house twice, and I'm not exactly incompetent: Win7, Security Essentials, kept on top of Windows Update, no admin privileges for little brother or mom, updated Firefox, etc. The last time, it turned out we were behind on Java updates - it popped up in the systray 5 or 6 times a day for a few months and the few times my dad tried to allow the update, it failed. I didn't know about that until I was in the room while my brother was using the machine and I saw a dialog that looked an awful lot like Windows reminding you to install AV but not quite right. No way anyone else would have noticed that the background gradient was just a bit off. Did a scan... MSE was showing me 20 different Java exploits and "Anti"virus 2012 wouldn't let me open Firefox again outside of safe mode. Not something my parents would be able to deal with when I'm not there; they would have had to pay somebody. Its replacement will be a Mac; they like OSX better anyway.

I worked for a small-business IT firm for 3 summers and have never seen or heard of OSX malware except from the blogosphere/HN/media. We took our clients' security pretty seriously - corporate domains, enforced Automatic Updates, no idiots with local admin, corporate endpoint antivirus, antivirus in the spam filter, Sonicwalls, Firefox wherever possible, etc. Still, we got virus calls pretty frequently. I would usually babysit the reinstalls at a reduced rate, but when I wasn't interning, businesses were shelling out $150/hour for that. To be fair, most were XP, but there were a few virus calls for Win7.

I don't have statistics, but if you're going to claim OSX has fallen as far as Windows in terms of infection rate, I think the burden is on you to show some data. Again, just as many family friends running OSX as Windows; I've had Macs die (my MBP's motherboard gave out right after 4 years), I've had Macs run out of disk space, I've had the PowerPC/Intel switch lose my family a lot of money because perfectly good ~2006 machines can't run a modern OS or Flash/Firefox/iTunes, but I've never seen malware for OSX.


> I've done ~15 Windows reinstalls in the last few years

So what? I've reinstalled Windows three times since Windows 7, and it's never been due to a virus. The last company I worked at was a Windows shop that also had 0 malware problems. Anecdotes are pointless in this discussion.

> I didn't know about that until I was in the room while my brother was using the machine and I saw a dialog that looked an awful lot like Windows reminding you to install AV but not quite right. No way anyone else would have noticed that the background gradient was just a bit off.

Yes, your brother was the victim of a social engineering attack, the exact technique used to infect these Mac users. Windows systems aren't inherently less secure, and every terrible ailment described in your post is the result of voluntary action taken by the user.

> I don't have statistics, but if you're going to claim OSX has fallen as far as Windows in terms of infection rate, I think the burden is on you to show some data.

No. The onus is on you to demonstrate how Windows 7 is inherently less secure than OSX. You're making vague assertions about how Windows is less secure but you haven't given specific examples of why that is true, only anecdotes that anyone can counter (or bolster) with personal experience.

The bottom line is, short of 0-days, both systems are equally secure.


You are constraining your discussion to Windows 7. I am not. XP may have disappeared from the life of a non-corporate programmer, but it's still everywhere for me. Hence the impedance mismatch. Most of our shop's customers did not see a business need to upgrade, and acquaintances that can afford to buy new computers while their old ones are still running (however poorly) tend to be Mac users anyway.

> every terrible ailment described in your post is the result of voluntary action taken by the user.

No, it was a remote Java exploit. The dialog was to get you to pay for it after it had already installed.

The point is that despite all this talk about OSX viruses, malware is still not a part of day-to-day life with Macs to anywhere near the extent it is with Windows (when you include XP).


> You are constraining your discussion to Windows 7. I am not. XP may have disappeared from the life of a non-corporate programmer

Well what version of OSX are you using to make your comparison? SP3 to 10.8? Either way, there isn't some nebulous security gap between OSX and Windows, vulnerabilities exist in all systems and a responsible vendor patches them when they're discovered.

Please show me how to remotely compromise an up-to-date SP3 machine. Yes, there are exploits that exist at points in time, but the same is true of OSX, just google "OSX exploit".

> malware is still not a part of day-to-day life with Macs to anywhere near the extent it is with Windows

All that proves is that there is more malware targeting Windows, it speaks nothing to the inherent security of the system since malware can't install itself.


> vulnerabilities exist in all systems

Couldn't disagree with you more.


Your attempts at maintaining blissful ignorance of the probability of attack are very sweet, and your final sentence could perhaps hold up as logically holding some water (I'd argue that you, like the poster to whom you are replying, have taken a very narrow view to support your position)... the fact is that in practice and for the average user your assertion is flat out false.


> every single one of them was malware masquerading as anti-virus software.

I'm curious what you think about Malwarebytes Anti-Malware - this was the only product that was able to clean my father's Win7 PC for Antivirus 2012 (by booting into safe mode with networking and running the cleaner). Paid for the Pro version. A little difficult to get working with the Symantec virus scanner but worth every penny for not having to make the trip to my parents to clean malware since...


If most trojans and viruses are still made for Windows, how can this statement not be true? If you took a random sampling of infected websites or virus emails, the large majority would probably be targeted at Windows.

Actual risk of a _targeted_ attack is a different matter.


> OSX is still dramatically safer in terms of your actual risk of a random remote attack.

It certainly was in the WinXP years due to a far superior security model, but I'm curious if this is still the case with modern Windows.


The developer mindset on Windows is still stuck in the 90s, and most of the exploits are due to the laggards who've never taken the user experience for updating very seriously (Adobe, Sun/Oracle, various streaming video players, etc.) or treating security as an optional feature and installing with insecure defaults (see previous list).

Mac culture has been less user-hostile for a long time so Mac apps usually have e.g. automatic updaters (and rarely the crazy login-to-vendor-website-to-download insanity) and lack installers, making it less common to require authentication or slop things around the entire filesystem. This is not perfect but it avoids some of the pathologies which Microsoft (and Chrome) are slowly dragging the Windows community out of.


I've had new Mac users insist that I recommend an antivirus for them. Users who had very safe habits, didn't download basically any software or visit warez sites. They simply - and very sadly IMO - cannot reconcile the idea of a world where AV software is not completely necessary.

They'd only make their computer slower but hey, it's their choice.


Dude, you need to update your mental threat model. These days, there's no such thing as "safe habits" - you're up against drive-by downloads that exploit browser or plugin vulnerabilities and are delivered by all kinds of perfectly normal websites that just happen to be vulnerable to SQL injection.


My cousin, for instance, uses her Mac as a word processor, email reader, Wikipedia reader or DVD player 90% of the time. Works in TextEdit, doesn't download basically anything at all. Does everything basically inside Apple's walled garden. The only "dangerous" thing she did in the past is using MSN for Windows. This could mean automatically receiving payloads and running them just by having an infected contact, because of Microsoft's "wise" defaults. This doesn't happen on Adium. I think she doesn't log in to that network much anymore; now it's all about Jabber (gtalk) and Skype, I reckon.

Unless Apple started injecting payloads there's basically no plausible way to get her infected. She doesn't even "browse the net" for the most part, doesn't click on links, doesn't give a f.

There are safe habits. AV companies would like to have you thinking you're always about to have your *nix-based system rooted, but this is damn unlikely for most people not using dodgy sites. I fancy my chances of getting struck by lightning above her chances of having her system compromised, and I don't go out of my house scared.


Malware creators are going to get more creative and more dangerous now that Windows is better and Macs are more popular. Technical countermeasures can only do so much against a determined mind with a strong incentive.


Windows is now better? What the fuck. You do realize this is a Java exploit, and that recent versions of OS X don't even ship with Java. And on top of that this "malware" asks the user for their admin password to install itself. And on top of that if you have dev tools or any of the popular system monitoring utilities it gives up!

Contrast that with typical Windows situation where no user cooperation is required to get infected.


Cool down, turbo, he's saying that Windows has improved from what it was in previous versions, not that Windows is better than OS X (the horror!)


He's also edited his post to make it less ambiguous.


I don't recall it being more ambiguous at any point, but my brain is bad at keeping revisions. Even if you're right, it doesn't excuse the tone.


Drop the hostility and reread what I said. I didn't say "Windows is now better than Macs."


>> Viruses are not a fact of life for Mac users. Talk to anyone who uses or services Macs; you'll be hard-pressed to find anyone who's even seen an OSX virus. Whereas for Windows power-users, cleaning viruses for friends/parents is practically a rite of passage.

That's because the market share of Mac is so small that no smart virus developer would even bother wasting their time creating one.

On the other hand, create a powerful virus for Windows and the next day you're on CNN.


These days I think you'd be much MORE likely to get press coverage for a virus that targets OS X than for one that targets Windows.


Didn't Apple used to claim that Macs didn't get viruses? I can't remember. (This would be at least several years ago, when Mac malware was still fully theoretical.) It's possible they never stated it directly, and the phrase was spread by fans.

To be fair, their slogan is currently "Macs don't get PC viruses" [1]. Which is true. Although, devilishly close enough to blur the two in somebody's mind.

[1] http://www.apple.com/why-mac/better-os/


Whoa, no kidding. The majority of people are not going to stop on those two letters and consciously differentiate "virus" from "PC virus."


"A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers."

Pretty clear.


It's not at all clear. It's deliberately ambiguous. If they wanted it to be clear they would have said "Macs are only susceptible to a fraction of the number of viruses plaguing Windows-based computers."


Clear? One possible interpretation of just that statement alone could easily give the impression that viruses in general are therefore not an issue for Macs.


There are two possible ways to interpret this:

1. "A Mac is susceptible to viruses. But it is not susceptible to viruses plaguing Windows-based computers."

2. "A Mac isn’t susceptible to viruses, whereas a Windows-based computer is susceptible to thousands of viruses."

The fact that you still get viruses, but they just don't happen to be the same viruses, isn't worth stating. So as a customer, it is very unlikely that I would infer the former (Meaning 1) from the statement. Yet it is what is meant.

I would personally call this misleading (and dangerously close to lying).


No, it's not clear. It implies that the Mac can't get any viruses.


No. If they didn't qualify it with "PC" it would have that implication. By qualifying it, they make it unambiguous.


They're implying that only PCs have viruses.


No, they are stating that Macs are not susceptible to PC viruses, which is true.

They are implying that viruses are a severe problem on PCs that Mac users do not face. This was undoubtedly true when they were running those adverts.


Yes. They are stating that Macs are not susceptible to PC viruses. Yes, this is true. However this is not worth stating, so most people would infer that Macs cannot get any viruses from that sentence.


It may not be worth stating to people round here who are essentially experts in the field, but to the vast majority of everyday PC users it's not at all obvious and very much worth stating.


According to the paragraph that follows: A Mac isn't susceptible to the thousands of viruses plaguing Windows-based computers. That's thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.

They're saying PCs get viruses and Macs don't because of the way it's designed. Not that PCs get PC viruses and Macs get Mac viruses.

They are also implying that it's the sole reason for the lack of viruses, when it's mainly the lack of users. That would explain why it's not susceptible to every other type of software available on Windows.


Next sentence: "That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."

I guess they should be "thanking" the general incompatibility with Windows binaries.


Given that Macs are PCs, being personal computers, it's not true that Macs don't get PC viruses.


I believe "PC" has historically meant (or often been used to imply) "IBM PC compatible" (http://en.wikipedia.org/wiki/IBM_PC_compatible) which Apple/Mac was not, until they switched to x86.


The problem is that viruses don't relate to the architecture - otherwise linux and *bsd (on the x86 platform) would have also been windows-like with their malware.

I know I'm playing semantic games here, but so is Apple with this slogan :)


In the context of Apple's "Mac vs PC" campaign, does anyone seriously have doubt about what they mean by a PC?


> I know I'm playing semantic games here, but so is Apple with this slogan :)


Not really - in context it's perfectly clear what they meant.


In the general public's eyes Macs are computers, so yes, they are PCs. In Appleland, "PC" is synonymous with "Microsoft Windows", and hence Apple Macs aren't PCs.

I had a long time Apple user ask me if I had a Mac or PC. I was using Ubuntu Linux at the time, so I said PC :P


You should have just said, "Linux". Mac users make this distinction because they constantly need to inform IT managers that they are not using a Microsoft Windows OS. Originally, this meant an IBM PC or an IBM PC compatible computer, but it was a whole lot easier to just say "PC". I'm sure Linux users also need to explain to their network admins that they're running Linux.

The term "PC" persists not just for historical reasons, but because its hard to come up with a replacement term. A "Mac" refers both to hardware and the OS, whereas a "PC" means "Windows OS running on Windows-compatible computer". I suppose we could replace the term "PC" with "WOS-ROWCC".


I was going to post the exact same thing, but spent the last five minutes searching site:apple.com virus for a direct quote. Seems they've changed their lingo as I definitely remember (around the time of the whole mac vs pc campaign) a definite statement about not getting viruses at all.


Maybe this ( https://www.youtube.com/watch?v=GQb_Q8WRL_g ) (MAC v. PC advertisement on viruses) is what you were thinking of?


For even the most generous interpretations of "several", Mac viruses were not merely theoretical several years ago.


The interesting part is that I still haven't seen one traditional "virus" — even this thing appears to still be just social engineering users into installing it, by pretending to be Flash Player. I can't imagine it's that much more difficult to actually find an OS X vulnerability to propagate with, but I still haven't seen any.

Edit: It appears this uses a Java vulnerability, rather than the fake-Flash Player-installer that it was originally reported using (possibly an older variation of the same malware). So that's no longer accurate!


And almost no Windows "malware" in the last decade has been a traditional "virus" either. Trojans, social engineering, all so much easier.


I disagree. Visiting a malicious website or opening an email that exploits a vulnerability in your os or software is very common.


Citation? The last thing along those lines I'd heard of was the PNG(?) exploit.


Well, for one, the Java vulnerability discussed in the linked article is actively being exploited on Windows to install that obnoxious fake "Antivirus 2012" malware.


And those are not viruses unless they self-replicate.


I would consider the series of Sasser and Bagle worms during 2004 to be a traditional virus.


Exploit kits are big these days!


> The interesting part is that I still haven't seen one traditional "virus"

Originally, when it was just us geeks using computers, 'virus', 'malware', 'trojan', etc. were different terms for different things.

Nowadays, 'virus' is used by the general public & media to refer to any sort of bad programme that should be removed.


Doesn't it use a Java exploit?

From the article:

>..the most recent variant from earlier this week targeted an unpatched Java vulnerability within Mac OS X. That is, it was unpatched (at the time) by Apple—Oracle had released a fix for the vulnerability in February of this year, but Apple didn't send out a fix until earlier this week, after news began to spread about the latest Flashback variant.

>..the malware installs itself after you visit a compromised or malicious webpage, so if you're on the Internet, you're potentially at risk.

Where is the social engineering part?


Well, it does have to get the user's permission to install it first...

From the F-Secure site: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

On execution, the malware will prompt the unsuspecting user for the administrator password. Whether or not the user inputs the administrator password, the malware will attempt to infect the system, though entering the password will affect how the infection is done.

If infection is successful, the malware will modify the contents of certain webpages displayed by web browsers; the specific webpages targeted and changes made are determined based on configuration information retrieved by the malware from a remote server.


Did you even read the page you linked or the text you pasted?

It specifically states that the malware will infect the machine even if the user does not give permission.


Well, I feel stupid. I just skimmed it after going through the detection steps. I missed the part where it installs itself to a different location if it doesn't get the user's password.
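A defender's check for the two install paths described in the F-Secure excerpt and this reply (with and without the admin password), as an added example that is not code from the thread or from F-Secure. It assumes, from public write-ups of this trojan rather than from anything on this page, that the injected library is registered through DYLD_INSERT_LIBRARIES, either under LSEnvironment in Safari's Info.plist (password entered) or in the per-user ~/.MacOSX/environment.plist (no password); the plists and library paths below are constructed placeholders.

```python
"""Flashback-style browser library injection check (defender's view).

Assumption (public write-ups, not this thread): the two install paths differ
only in where DYLD_INSERT_LIBRARIES is written. With the admin password the
trojan edits /Applications/Safari.app/Contents/Info.plist (LSEnvironment);
without it, ~/.MacOSX/environment.plist. Both plists below are constructed
samples and the library paths are placeholders.
"""
import os
import plistlib
from typing import Any, Dict, List

PLIST_HEADER = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
    b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
)

# Constructed sample: a clean Safari Info.plist fragment.
CLEAN_INFO = PLIST_HEADER + b"""<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.apple.Safari</string>
</dict>
</plist>
"""

# Constructed sample: the with-password install path (LSEnvironment in the bundle).
INFECTED_INFO = PLIST_HEADER + b"""<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.apple.Safari</string>
  <key>LSEnvironment</key>
  <dict>
    <key>DYLD_INSERT_LIBRARIES</key>
    <string>/Applications/Safari.app/Contents/Resources/PLACEHOLDER-injected.dylib</string>
  </dict>
</dict>
</plist>
"""

# Constructed sample: the no-password install path (per-user environment.plist).
INFECTED_ENV = PLIST_HEADER + b"""<plist version="1.0">
<dict>
  <key>DYLD_INSERT_LIBRARIES</key>
  <string>/Users/PLACEHOLDER/.PLACEHOLDER-injected.so</string>
</dict>
</plist>
"""


def find_dyld_inserts(plist_bytes: bytes) -> List[str]:
    """Return every library path set via DYLD_INSERT_LIBRARIES in the plist.

    The key is searched recursively, so one function covers both the
    top-level environment.plist form and the nested LSEnvironment form.
    Colon-separated lists are split into individual paths.
    """
    found: List[str] = []

    def walk(node: Any) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "DYLD_INSERT_LIBRARIES" and isinstance(value, str):
                    found.extend(p for p in value.split(":") if p)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(plistlib.loads(plist_bytes))
    return found


# Locations a live check would read on a Mac. A missing file is a clean
# result, which is the "does not exist" outcome reported in the thread.
LIVE_LOCATIONS = {
    "safari": "/Applications/Safari.app/Contents/Info.plist",
    "user-env": os.path.expanduser("~/.MacOSX/environment.plist"),
}


def check_locations(locations: Dict[str, str]) -> Dict[str, List[str]]:
    """Read each plist that exists and report injected libraries per location."""
    report: Dict[str, List[str]] = {}
    for name, path in locations.items():
        if not os.path.isfile(path):
            report[name] = []
            continue
        with open(path, "rb") as fh:
            try:
                report[name] = find_dyld_inserts(fh.read())
            except Exception:  # not a readable plist: flag it for manual review
                report[name] = ["<unparseable: %s>" % path]
    return report


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_INFO), ("with-password", INFECTED_INFO),
                        ("no-password", INFECTED_ENV)):
        print(label, find_dyld_inserts(blob))
    print(check_locations(LIVE_LOCATIONS))
```

Legitimate software almost never sets DYLD_INSERT_LIBRARIES in these files, so any hit is worth investigating, but it is an indicator to confirm against the vendor write-up, not proof on its own.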


Well, this had to happen at some point. Though it has a small market share and is based on Unix, given the kind of demographic that uses a Mac (richer, more connected, etc.), it is very lucrative for trojans to infect a Mac and steal personal information and identity. It's unfortunate that people have this misunderstanding that Macs don't get viruses and are actually not careful when using a Mac.


I don't think small market share was ever really a reason that Mac OS X didn't get traditional viruses. UNIX-based servers have always had a huge market share, and since servers are presumably a more desirable target of infection and cracking than home computers are, we would have seen traditional viruses hit UNIX machines a long time ago if it were realistically doable. Also, before Mac OS X became as popular as it is now, there were lots of Windows users who hated Apple fanboys and would have loved to write a wide-spread virus that targeted Mac OS X if possible. But it seems like Windows, especially pre-NT and pre-Vista and pre-7, but even now, has a unique vulnerability to traditional viruses. Obviously, Mac OS X can still get hit by trojans if people use intelligent social engineering, but I feel it's still not too much of a semantic exaggeration to say "Macs don't get viruses."


There are a lot more Windows desktops than UNIX servers. Just picture that every UNIX server is on average serving more than one Windows machine.

Also, it is way easier to attack a desktop than a server. Desktop users are more careless than server admins and have many more different applications malware can use to gain access: im apps, browsers, media players, pdf viewers, flash runtimes, etc. To attack a server you have to find an exploit using an http, ftp or ssh request to a limited and more secure, in general, set of programs.

Apple is growing very fast and it is finding itself in that position now. You can see that in the new security measures of the Mac App Store. By limiting what apps themselves can do you limit what malware gaining access to those apps can do. Maybe Microsoft should have done something similar to prevent Windows from being the virus hub.


This virus spreads from visiting malicious websites or websites with malicious ads. Since not much browsing happens on servers, there is no reason to target them.

> Also, before Mac OS X became as popular as it is now, there were lots of Windows users who hated Apple fanboys and would have loved to write a wide-spread virus that targeted Mac OS X if possible

What? Does that mean that some Windows viruses were written by Mac fanboys to make Windows look bad?

> But it seems like Windows, especially pre-NT and pre-Vista and pre-7, but even now, has a unique vulnerability to traditional viruses

How? Can you explain what you mean by Windows having a unique vulnerability that is not present on a Mac?

> Obviously, Mac OS X can still get hit by trojans if people use intelligent social engineering,

Again, this is a drive by exploit from a web page, not social engineering. Why is this so hard to grasp?


> This virus spreads from visiting malicious websites or websites with malicious ads. Since not much browsing happens on servers, there is no reason to target them.

Servers have a lot more information (thousands of credit cards, email addresses, passwords, etc.) than desktops. Criminals who seek personal gain rather than just mayhem would target servers.

> Does that mean that some Windows viruses were written by Mac fanboys to make Windows look bad?

No. To use sociological terms, Windows was the dominant group, Mac OS X the subordinate. When Mac OS X was starting to come into vogue in the first half of the 2000s, there were many fanboys that kept bragging about how their computers were infinitely better than "PCs", and everyone who grew up in the 90s and 2000s has surely had conversations with Windows users, often gamers or early /b/ users, who had almost a religious vitriolic hatred towards every aspect of Apple--Mac OS X, Mac computers, fanboys, "one-button mice", etc. Now that Mac OS X is accepted as a well designed OS, those fanboys and that hatred seem to be much less visible, although now lots of people dislike Apple for becoming the new Microsoft with regards to patent lawsuits, but I digress. The point is that whenever such vitriol exists, there are people dying to prove that they're right, in this case that Mac OS X wasn't immune to viruses like the "mactards" (that's one of the terms they called Apple fanboys) claimed. Did you really not witness this phenomenon of hatred in the early 2000s?

> How? Can you explain what you mean by Windows having a unique vulnerability that is not present on a Mac?

Mac OS X is essentially the Aqua window system atop Darwin, the OS's underlying system that descends from FreeBSD. As a form of UNIX, it does not give non-root users direct kernel access. Windows doesn't have this very logical restriction, and more and more ways are discovered to exploit this. Windows Vista and 7 have tried to mend this flawed infrastructure by asking users to explicitly authorize everything, but we all know how that's worked out.

> Again, this is a drive by exploit from a web page, not social engineering.

Escalation was allowed from the JRE vulnerability, but it was my understanding that initial authorization had to be given to run it. Edit: I just reread the article and it appears that this was a self-installing trojan. If that's the case, that certainly shows that vulnerabilities that allow self-installation as opposed to just privilege escalation do show up in Mac OS X from time to time, but from my limited experience, the main way to make use of trojans targeting Mac OS X is to use social engineering to install them (e.g. take advantage of the fact that Finder hides file extensions by default, and then change an executable's icon to that of an image, and then preserve the metadata in an archive) and then take advantage of a security vulnerability that allows privilege escalation. Such vulnerabilities are incredibly rare in Mac OS X since unlike Windows, kernel space is isolated from users.


> Such vulnerabilities are incredibly rare in Mac OS X since unlike Windows, kernel space is isolated from users.

That's just flat wrong and hasn't been true for an OS Microsoft has supported for mainstream use since 2003 [1]. Windows XP and all current Windows releases are based on the protected NT kernel which debuted in 1993 (with Windows NT 3.1). In fact, Microsoft and Apple stopped shipping OSes with unprotected kernels in the same year (2001) with Windows XP and OS X "Cheetah", respectively.

Look, Microsoft has made a lot of mistakes with respect to security (bad defaults, running as Administrator too often, too many low-level bugs, ...). Since OS X, Apple has had a much better security track record. That's why it is so frustrating to see people criticize Microsoft for mistakes they fixed a long time ago instead of focusing on current (or at least recent) issues.

[1] When Microsoft downgraded Windows 98/98SE/ME to paid support and critical security fixes only: http://support.microsoft.com/gp/lifean18


That can't be true. If NT-based versions of Windows implemented a system call mechanism that protected the kernel from users, XP wouldn't have been riddled with viruses, and there would have been no purpose in giving Vista and 7 the access control mechanism to warn users of potentially harmful system calls. By the way, Cheetah just refers to the original Mac OS X. Your phrasing "stopped shipping OSes with unprotected kernels ... [starting with] Cheetah" makes it sound like Mac OS X initially didn't have this protection, which is not the case.


First, Cheetah wasn't the first Mac OS X. There was Mac OS X Server 1.0 in 1999 (see: Wikipedia). Cheetah was the first desktop-oriented version of Mac OS X.

Second, I didn't imply that prior versions of Mac OS X didn't have kernel protection, I implied that prior versions of Mac OS didn't have kernel protection. This is indisputably true (see: Mac OS 9). Personally, I find the Windows / Mac OS parallel surprisingly close here: Windows ME is to Windows XP as Mac OS 9 is to Mac OS X Cheetah.

Third, UAC (User Account Control), the access control introduced with Windows Vista, is almost entirely unrelated to kernel protection (except that UAC would probably be pointless without it). The problem UAC tries to solve is "users running as an administrator too often", not "the kernel isn't protected from user programs". In other words, it is Windows' answer to sudo, not a fundamental change to the Windows kernel.


Whoa, it aborts infection if you have Xcode installed?

Is this just to prevent itself from infecting someone's computer that might be able to study it?


According to some malware researchers I've talked to, it is not unusual to find that kind of hardcoded exception. I thought that it was to avoid infecting "clever" users, but they told me sometimes malware coders bundle those to avoid infecting their own computers (or their clients') without being too obvious about it. It's apparently not unusual to also find exceptions for IP blocks of whole countries or ISPs.


That would be my guess. Perhaps it wanted to stay un-detected, and un-reverse engineered as long as possible? It just played the numbers game in terms of time until discovery, and gave Xcode users some respect? Hence deleting itself in the presence of anti-virus software as well?


> It just played the numbers game in terms of time until discovery, and gave Xcode users some respect?

I guess false negative was ok in this case. ;)


Haha, yeah, I wrote the sentence as it appeared in my head, realized it was incomplete and would make no sense to anyone, then just kinda slid the rest in....


I read that it also aborts and removes itself if Little Snitch is installed.

I take requests from LS pretty seriously so it makes sense that they would do it. I would google the process and port if a random request occurred.


That is really clever.


I personally have Xcode installed at /Applications/Xcode.app/Contents/MacOS/Xcode, so I ran the command at https://www.f-secure.com/v-descs/trojan-downloader_osx_flash...

I got the "does not exist" result anyway, despite not having any of the software listed installed except for Java.


Apple includes a lot of third-party software in OS X, and if they don't start patching those packages as promptly as the software maintainers do, exploiting these non-Apple or open source packages could become a common strategy. Attackers can watch other platforms roll out updates before Apple and then target the same software in OS X. Not that the same vulnerabilities will always work, but it's certainly a worry.

This particular exploit is not a great example, since they removed Java by default. But all the other cross-platform software that is included is worrisome if not promptly updated.


That's a good observation. Avoiding GPL3 software, like newer versions of bash and gcc, might have the unintended consequence of putting their users at risk.


I highly, highly doubt we'll see a day when there are significant exploits for Joe Soap Mac User from a bug in bash or gcc. Those are not software that Joe Soap is likely to have installed (e.g. gcc), or they will be hard for a website to run.


I think they install bash by default, not sure if they use gcc's libstdc++.


I seriously doubt that 600,000 Macs were infected... How do we know this number is correct? Because a completely unknown security firm that sells Mac antivirus software ("Dr. Web", a Russian antivirus company) tweeted about it!


> completely unknown security firm

Completely unknown? It's been on the market for almost 20 years.


Fair enough, with one caveat: Everyone who trumpets security/anti-virus company press releases about Android should be required to shout about 600k Macs just as loudly. I wonder how many will.


I also am extremely skeptical.


At least it is easy to check if you're infected. According to this tutorial, it's also not difficult to remove the trojan: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...


Of note — if Java is the attack vector, new Macs were not vulnerable by default as they don't ship with Java installed anymore as of 10.7 Lion. AFAIK, the biggest reason anyone would have Java is if you're running Adobe products.


Or LibreOffice, or Eclipse, or...

Java is plenty widespread. It's a good bet that most systems are going to end up with a JVM on disk somewhere after 6 mo - 1 yr of usage.


I don’t know — those aren’t apps normal people install.

(And: The same people who install Eclipse, Minecraft, LibreOffice, or Photoshop are also more likely to have one of the apps that Flashback avoids co-habitating with: Little Snitch, Xcode, etc.)


Minecraft is _hugely_ popular with anybody under 14. To the point that it's no longer only nerdy parents that show it to their kids, it's kids hearing about it from other kids.

It's simple to buy and install and get working. There is no reason to assume that Mac users running Minecraft are going to also have Xcode or Little Snitch.


Well, it's a good thing that designers don't use Macs then.

Oh.


+ minecraft


I have Xcode installed, so I guess I'm safe from this. Do you have any standard advice for how a regular MacOS user should configure their system to be safe? I don't even have anti-virus software installed like I do on my Windows machine; I assumed the Mac OS took care of that (but not if 1/2 million Macs are infected with this thing =/). I do keep the built-in firewall turned on. Is there a website or something that I can go to that will teach me what steps I should take on my MacBook Pro to keep it clean?


I personally run Chrome and block all plugins by default, and enable them when I think I have a good idea what the plugin is doing. You can then set specific sites that may always run plugins, so it's not overly annoying when on a few Flash-heavy sites. Presumably Safari has a similar option.

Unfortunately Chrome only allows you to "run all plug-ins" on a site or "block all plug-ins", so there's still a possibility of enabling Java when you meant to enable Flash to view a video. However, it's probably a good first step against attacks like these.

I also run under a regular user account without direct sudo access, so any action that modifies system files should request an admin password. Jeff Atwood (codinghorror.com) had a good post about this for Windows: http://www.codinghorror.com/blog/2007/06/the-windows-securit...


I can’t seem to /newpoll — but I would like to see, out of those who run the instructions to check for the virus, how many of us actually had it. (I didn’t.)


I didn't, and I installed the Java stuff to install CS5.


What annoys me is that I just found Java to be enabled in Firefox again, when I was pretty sure that I had disabled it before. I suspect that yesterday's update reinstalled it into Firefox. (I could be wrong, though - but I definitely remember starting Safari just for the sake of trying Minecraft, because it was the only one of my browsers with Java enabled.)


IIRC Mozilla are going to blacklist out-of-date Java versions in FF.


It's actually kind of fun when I occasionally get a virus. I always remove them by hand, piece by piece, and tracking them down is a learning experience. It's also amusing seeing some of the clever tricks they pull.

Maybe it's time to get a Mac?


What do you learn? What have you ever done with that knowledge?


It teaches about the structure of the registry, and gets your hands in some of the low-level hooks of the system. It mostly teaches you how to remove viruses. I didn't mean to say it was truly practical knowledge; I just enjoy discovery.


This both saddens and delights me, as it proves that Macs are now at a large enough market share that malware writers are willing to target that platform ...


To Linux! Quickly now!


In 10 years, I bet most of us will be running Linux on the desktop, actually.


Cuz I haven't heard that for the past 15 years....

But as a recent convert to the Linux desktop, I kinda hope so.


My guess is it will be a 3 GHz quad-core Android phone that docks on your monitor & wirelessly connects to everything else.


At the risk of perhaps angering the Linux community here (I work on a Linux box too), may I suggest that's where Windows 8/WP7 is going? And at further risk of anger, I will suggest that Android has reached its peak.

Evidence for point 1: Windows has such a large base of "desktop" applications with a larger base of active developers. Not only that, the majority of the world uses their standards for word processing, spreadsheets, presentations, etc. Honestly, OpenOffice and Google Docs are both still horrid. Horrid. Compared to Word 2010 on both Windows computers and OSX-based computers. Guess what? Most of the world, including us techies, still need to present, write documentation, yadda yadda. Perhaps when/if someone else develops an open/Ubuntu/RedHat/etc office suite that can actually match MS Office in ease of use and in reliability, then I'll change my mind.

Evidence for point 2: Android has grown quickly in the past three years because (in my opinion) of personalization, novelty, hardware, and free Angry Birds (maybe not). Android being "open" really...doesn't make a big deal to your average consumer (again, this is my opinion based on what I've seen). The big issue that's splitting through the three major draws for Android-based devices is massive fragmentation. On the device side, there are so many Android phones that ALL LOOK THE SAME (but are slightly different), that come out every other week, that the novelty of owning "THE NEWEST ANDROID PHONE" dies out every other week. The fragmentation between devices is also massively confusing to the average consumer. Does the consumer want...the Galaxy S II...the Galaxy Nexus Prime...or the Nexus S? And by the way, what's the difference between all six (there are four flavors of the Galaxy S II) of these phones?? Software fragmentation is also leading to a fairly horrid user experience as developers have to develop for 2.3, 3.2, and 4.0.4. Never mind that the UI actions for each of these OSes are very distinct and different, the UI LOOKS COMPLETELY DIFFERENT.

I don't know. I'm using a RAZR (first on 2.3 and now on 4.0.4) and I'm still not satisfied with Android. This is coming from one of the first adopters of the G1 (which I still have, and it still functions). I am eagerly waiting for the next generation (after the 900) of Windows phones.

(Wow, this didn't mean to turn into a rant...but hum.)


> Windows has such a large base of "desktop" applications

Unfortunately, Windows 8 tablets and the hypothetical Windows 8 phone that turns into a full desktop when you hook it into a monitor will both run on the ARM architecture. These are not binary compatible with existing Windows executables.[1] This means that any advantage that Windows has in quantity of applications does not translate to new types of devices. When it comes to phones and tablets, unless Windows gets the market share first, there will not be (m)any "killer apps" for the new platform that aren't first-party Microsoft apps. I'm not sure that Microsoft Office is important enough on mobile devices to convince everyone to switch.

The largest advantage that Windows traditionally had (almost all the apps are written for it) is gone as soon as you make the switch to ARM.[1]

[1] https://en.wikipedia.org/wiki/Windows_8#Software_compatibili...



I hope so. I really, really hope so. That's the direction I see computing going in the future, despite all the haters that say a tablet/phone will never replace the "desktop".


You'll need to kickstart Moore's Law again.


Serious question - how do you see us getting to there from where we are now?


Did pre-X versions of Mac OS not have more viruses in the wild, with a much smaller market share?


From Apple, Mac OS 9: How to Check For Viruses: http://docs.info.apple.com/article.html?artnum=50569


I remember a bunch of Word macro viruses on pre-OS X systems. But I was in high school so I could be mistaken.


Well, I saw this movie called "The Net" and there was a virus on a Mac.

Then again, that's Hollywood.

