It appears that the Flashback malware may have corralled some 600,000 Macs into a worldwide password-sniffing botnet. Has this latest attack against the Mac OS platform made you consider installing antivirus on your Mac?
Note: Flashback is not a Trojan according to security firm Intego.
Earlier this week Russian antivirus company Dr.Web reported how a new variant of the Flashback had, over the course of two months, built up an enormous botnet consisting almost entirely of compromised Mac systems. This malware represents a new breed of Mac malware. Relying on Java vulnerabilities, it requires no user intervention to be installed on a system, and unlike previous malware attacks against the Mac, it doesn't announce its presence on the system by bombarding the user with fake security alerts.
Apple has finally released patches for the security vulnerability, which should protect users from this attack in the future, but that doesn't help those who are already infected, who will have to remove the malware manually.
Hello Mac users, welcome to the problems facing Windows users!
The last time we went around this loop was last year when the Mac OS X platform was targeted by a piece of malware called Mac Defender. This was primitive malware that users had to manually install and which then went on to throw up an endless parade of fake security alerts before demanding money from the user to fix the problem.
Back when Mac Defender attacks were at their peak, I suggested to Hardware 2.0 readers who owned Macs that it was time to bite the bullet and install antivirus software on their systems. While some were receptive to this suggestion, most felt that having to install third-party protection on their Macs was a disproportionate response to what they saw as nothing more than a minor nuisance. These users claimed that since Mac Defender didn't do anything particularly evil, there didn't seem to be a reason to clutter up the Mac OS with additional security software. And once Mac Defender vanished, it seemed that these users might have had the right idea.
Now Mac users are facing a far more serious threat. Having your Mac as part of a botnet, and having malware on the system that's sniffing passwords is a big deal indeed, and far scarier than some fake security popup. Flashback is serious malware. Unless you do some digging around on your system, you won't even know it's there.
That's serious. But is it serious enough to get Mac users to protect their Macs? I hope so, because this incident has highlighted how wide open Mac users are to attacks, and it's clear that Apple doesn't have their backs covered.
Interested in installing antivirus on your Mac? I recommend one of the following:
- Ed Bott: Second source confirms: 1 in 100 Macs are infected by Flashback
- Over 600,000 Macs infected with Flashback Trojan
- The scariest thing about the Flashback Trojan: I have no idea how to fight it
- New Mac malware epidemic exploits weaknesses in Apple ecosystem