The scariest thing about the Flashback trojan: I have no idea how to fight it

Summary: The recent reemergence of the Flashback OSX trojan has shown a lot of things, but none more clearly than this: I have no clue how to counter virus and trojan threats on the Mac.

TOPICS: Malware, Security

For four years in college I worked in my school's IT department. It was nice, my job, because it honed my computer skills on a variety of fronts, teaching me the ups and downs of how to identify and fix all sorts of computer problems.

Malware removal was at the forefront of these skills. Pretty much all students had computers, but painfully few of them were all that great at taking care of them. Part of the blame was with Windows, but most of it was with users themselves. That was just the reality.

But then something significant started happening: Students started buying Macs, and in rapidly increasing numbers. We watched the numbers grow each year, as Macbooks started eating into the marketshare formerly reserved for the gamut of Dell Latitudes and Toshiba Satellites. It was mesmerizing, but also worrying.

The ambivalence stemmed from this: If you asked any college student five years ago (and, hell, any college student now) why they decided to buy an Apple computer, chances are they would respond, without fail, with the following: "Macs don't get viruses."

Most of us are aware now that that's not true. Macs have remained relatively unscathed by threats because for a very long time very few people owned them. Things are different now -- though, admittedly, not much: As of October 2011, OSX commands around 13% of the U.S. PC market, which, while not a terribly high percentage, is plausibly enough to make the OS a target.

Market share realities aside, the vision of these new Mac owners was enticing. If Windows were a country, it would be one plagued by war and disease, and these new Mac owners would be like refugees fleeing into Apple's sheltering arms. Buying a Mac was entering starry-eyed into a utopia of worry-free computer use. "Macs Don't Get Viruses" was their mantra.

Very rapidly it became clear there were some major problems with that line of thinking. One, it wasn't true, and, two, it gave a lot of people some very dangerous assumptions about the reality of safety and using a Mac.

It was obvious on the IT end as well. Regular virus and malware threats on Windows had hardened our skills against them. On Windows, we had all the anti-malware tools we needed, and a deep knowledge on how to counter any number of issues. The constant threat made us constantly prepared.

Things on the Mac front could not have been any more different. The comparative lack of viral threats on the Mac end had left us soft, exposed. It was a utopia, sure, but the barbarians were at the gates.

I remember telling friends and supervisors multiple times that if a major Mac virus or trojan were to emerge, I would be at a complete loss as to how to fight it. This is probably still true, as the emergence of the Flashback trojan has shown most clearly.

The most recent version of Flashback targets an unpatched Java vulnerability in OSX, one that Oracle fixed months ago but Apple never got around to relaying. Now, I'm still not entirely sure what Flashback does, but I was pretty completely clueless on how I could fight it. This is the bitter reality of being a Mac owner in 2012. I have very little idea of how to keep my machine safe.

And I imagine many other Mac owners feel the same way. If the half million Flashback-infected Macs are any indication, Mac owners are all going to need a crash course in computer safety. And fast.


  • Seriously??

    It's called a virus/malware scanner, it's not rocket science. There are those for the Mac OS too you know.
    • The fact that he doesn't know the difference between a virus & a trojan

      Should have been clue #1 that he's not exactly the sharpest tool in the IT shed.

      But for the rest of you, simply Google "Mac Flashback trojan" and you'll find all the resources you need to learn if you have it, remove if you do, and avoid it if you don't (otherwise known as Software Update).
      • Software update?

        Apparently, you yourself are not the sharpest tool in the shed. Did you not notice where the article says that Oracle updated Java months ago, but Apple did not? Yes, there's an update now, but I feel for those in the 600,000 club who may have to freeze their credit cards and pay out the nose (nothing new to a Mac user) to clear their names; all because Apple is slow to release an update. Clearly, updating on the part of the user is not enough... or do you think this won't happen again? Riiiiiiight.
    • Err

      None of them were catching this. The effectiveness of A/V Software is always drastically overstated. In short, A/V software isn't very effective.

      So why the decline in malware on Windows? Simple: Windows, it isn't the insecure malware invitation it once was. Microsoft have to take a lot of the credit here - those A/V companies? Not so much.
      • Windows, it isn't the insecure malware invitation it once was?

        Working in the field of supporting the end user, I have found no particular evidence of a safer Windows experience. The malware is just as nasty and people still get infected at a very regular rate and there are new vulnerabilities being found and patched with increasing regularity and still the malware authors seem to find and exploit them with alarming success.

        I do believe that Macs are inherently more secure but as long as one vulnerability can be found and exploited, the term "inherently" more secure means absolutely nothing. There is no excuse for and it is absolutely unjustifiable that Apple has not fixed a known vulnerability in so many months. Mac Users need to wake up and stop defending Apple and start demanding Apple provides them with a secure product like their advertising suggested.

        I'm not at all suggesting that they switch to Windows where the problem of security is indeed more worrisome but if they give Apple a pass and don't hold them to a higher standard, their abject denial that there is a problem developing and insistence that it's worse for MS users will be of little consolation.
    • Only install software from trusted sources

      it's as simple as that.
      It's a trojan, the ONLY thing getting past the Mac's security because the user grants it passage. Viruses on the other hand, like those on Windows, still don't work at all on Macs because Macs actually have a functioning security without third party software.
  • fight it with denial

    and a new shinier apple gadget that will scare away the virus by virtue of apple's might alone. ;)
    The Linux Geek
    • LOL

      That was funny
      Loverock Davidson-
    • @Linux Geek ... you just cost me a keyboard

      cleanup job from losing the soda i was supposed to be drinking like an elephant spraying water out its trunk in a swimming pool.

      (n.b. oh, and be sure you get that episode script to the Futurama writers before they begin the next season ... they're bound to get a feature length movie out of that one (..or at least a two-parter). :P
  • Use the same skills you use to fight them in Windows.

    Yep, I am stating the obvious huh. Bubba Jr, and little Bubbett, have a free Mac AV on their system, Sophos.

    Quoting momma Bubbett, "this is not rocket science add a Mac AV keep it updated, now get out of my kitchen I am fixing dinner".
    • Enter the MAC user learning curve.

      A virus and malware are 2 different things and most anti-virus software does a poor job of stopping malware or fixing a malware infection.
      • Sophos

        Sophos provides a free anti-malware tool for Mac:

        Ironically, it's not free for Windows...
      • Well . . .

        Well, I wouldn't say that's entirely true anymore. Many products advertised as anti-virus have become some sort of catch-all for any type of malware, often in an attempt to one-up their competitors. You really want to read the fine print these days rather than just the name of the product to find out what it's all about.

        Even though the technical usage of the word means something very specific, the common usage of the word has essentially become "something bad got installed on my system," and marketing departments know that. So do check the fine print rather than reading too much into the product name.
      • Not really

        Malware is a generic term. Virus, Trojan, etc are types of Malware.
  • Reformat, reinstall

    At least, it works for Windows. Honestly, for any serious malware infection, I'd rather take that route than any other.
  • The best way to protect yourself from Flashback?

    Use an OS that is immune to it. Like Windows.
    • I noticed..

      you were at -4, but I found your post rather funny. :-)
  • Flashback is centered around Java, specifically the Java plug-in

    Is Java installed on your system? If not, you're done.

    Do you need Java? If not, uninstall it. If so, keep Java updated on your system.

    Do you need Java for desktop applications, but not for web sites? Completely disable the Java plug-in for your web browser(s).

    Do you need Java for a few websites, your so-called 'trusted sites'? In your web browser(s) settings, whitelist the Java plug-in for those websites URLs. The Java plug-in will be disallowed for all other web sites, including those you might be redirected to. Depending on your web browser, you may need to download an add-on to enable URL whitelisting (e.g., NoScript for Firefox).

    And running OS X as either a standard or managed user, instead of as the Administrator in the default account, won't hurt.
    Rabid Howler Monkey
    • It won't stop Here

      This will be a game of "Whack-A-Mole" just like on the PC. When one hole is patched another zero-day exploit will be exploited.

      This is inevitable. What we need to do is fortify our systems which means anti-virus and HD encryption on the PC and Mac.
      Longer term the only solution is to move to managed platforms i.e. iPad, Windows 8 on ARM.
      These will provide additional security and do not run unsigned code and implement Application sand-boxing.

      They are not a panacea but at least more secure by design.
      • No...

        Most infections happen because of browser plugins - as we move to a "plugin free" Internet this will stop.

        This is as true on Windows as it is on Mac.