Has Flashback malware made you consider installing antivirus on your Mac?

Summary: Hello Mac users, welcome to the problems facing Windows users!


It appears that the Flashback malware may have corralled some 600,000 Macs into a worldwide password-sniffing botnet. Has this latest attack against the Mac OS platform made you consider installing antivirus on your Mac?

Note: Flashback is not a Trojan according to security firm Intego.

Earlier this week Russian antivirus company Dr.Web reported how a new variant of Flashback had, over the course of two months, built up an enormous botnet consisting almost entirely of compromised Mac systems. This malware represents a new breed of Mac malware. Relying on Java vulnerabilities, it requires no user intervention to be installed on a system, and unlike previous malware attacks against the Mac, it doesn't announce its presence on the system by bombarding the user with fake security alerts.

Apple has finally released patches for the security vulnerability, which should protect users from this attack in the future, but that doesn't help those who are already infected, who will have to remove the malware manually.

Hello Mac users, welcome to the problems facing Windows users!

The last time we went around this loop was last year when the Mac OS X platform was targeted by a piece of malware called Mac Defender. This was primitive malware that users had to manually install and which then went on to throw up an endless parade of fake security alerts before demanding money from the user to fix the problem.

Back when Mac Defender attacks were at their peak, I suggested to Hardware 2.0 readers who owned Macs that it was time to bite the bullet and install antivirus software on their systems. While some were receptive to this suggestion, most felt that having to install third-party protection on their Macs was a disproportionate response to what they saw as nothing more than a minor nuisance. These users claimed that since Mac Defender didn't do anything particularly evil, there didn't seem to be a reason to clutter up the Mac OS with additional security software. And once Mac Defender vanished, it seemed that these users might have had the right idea.

Until now.

Now Mac users are facing a far more serious threat. Having your Mac as part of a botnet, and having malware on the system that's sniffing passwords is a big deal indeed, and far scarier than some fake security popup. Flashback is serious malware. Unless you do some digging around on your system, you won't even know it's there.

That's serious. But is it serious enough to get Mac users to protect their Macs? I hope so, because this incident has highlighted how wide open Mac users are to attacks, and it's clear that Apple doesn't have their backs covered.

Interested in installing antivirus on your Mac? I recommend one of the following:

All of these are excellent products that will offer you a high degree of protection for your Mac.

  • Just one question. Did any antivirus software detect this before last week?

    If the answer is yes, then I will consider it. If the answer is no, then I won't consider antivirus software.
    • No, the antivirus software (Dr.Web) only discovered it this week

      Two conditions must be met before anyone can get infected:
      1) the user has to believe that Adobe Flash all of a sudden does not update itself (though it does, and does it very visibly);
      2) the user has to follow a link to a non-Adobe site where the "Flash update" is supposed to be.

      (Depending on the version of the malware, there could be a third condition: starting the installation of this "update"; but the newest versions do not require that, using a Java vulnerability)
      • How you could get infected

        So if you know that Flash updates itself, you will never believe any prompts that would lead you to a page with an "updater". Or even if you are somehow totally clueless about this, you still see the link and understand that the Flash updater should be on Adobe's site, not on some random weird site that has nothing to do with anything.

        Overall, you have to be twice clueless to get infected. This means that normally you never risk being infected because you will never follow a link to this "Flash update" page.
      • Most users...

        wouldn't have a clue who makes Flash or that asking for an update is unusual.

        And most users probably wouldn't notice that it went to another site.

        You are a technically aware user, commenting on a technical blog. We know what is what. Most users haven't a clue.

        I have one user that calls Google Chrome "Yahoo! Mail", because that is her home page... Okay, I'm lucky, she won't install any updates, unless she asks me first...

        But most users really don't know or care about computers, they click away dialogs without reading, because they are getting in the way.
      • Yup

        OS X remains untouched as Java is managed by Oracle. And you can't protect against PEBCAK.
      • @rag2

        Oracle is only responsible for Java under OS X Lion - clean install or new machines.

        Versions on older versions of OS X or on machines upgraded to Lion from Snow Leopard are still covered by Apple directly.
    • You talk like a drunk.

      Don't you get the basic premise behind AV security?

      Being a Mac fan you probably do not. Here, let me explain.

      The Windows experience has shown that no matter how good a malware producer is in their plan, it's pretty much impossible to get a significant percentage of all vulnerable computers infected in a very short period of time. This is becoming more so the case as years have gone by. It is the case here also with the Flashback malware. The method of delivery pretty much indicates that this would be the case.

      The idea behind AV security, in a big part, is that where there is a previously unknown or unused vector of attack it's likely that even with AV in place a number of computers will get infected, but where there is a robust AV community supporting the platform this will be fairly quickly identified and the appropriate ID signatures will be rapidly updated. The hope is then that without anything more than a standard AV update all those so protected will not have the malware continue to spread to them. The ones who do get infected are quite often easily fixed once the malware has been identified. It brings a rather quick and merciful end to what might have otherwise continued into a catastrophe if everyone just didn't have AV.

      Unlike the "end of the world" scenarios Mac users used to foist upon Windows users, it's a long long way from the end of the world. So much so in fact that even though Windows has suffered what seems like a plague of hacking and malware over the decades, none has been so bad as to come close to knocking Windows off the #1 OS in the world. It will not likely be much different for Macs, if the Mac community just admits to themselves that it turns out THEY WERE WRONG when they disagreed that Windows was hacked not because of popularity but because it was so easy, and Macs were not hacked not because they were too small a market base but because it was damn near impossible, according to the Mac zealots.

      Well reality has landed, and it's time for Macs to get suited up with some AV unless they really want to see how far you can push the situation before a real disaster in Mac land does happen.
  • Interesting to see the attempted deflection

    "Flashback is not a Trojan according to security firm Intego."

    One thing that has struck me is this attempted deflection of how serious this is by the Apple fanboi community who are shrieking that this is not a virus.

    Who cares? The people infected with this don't care. The "bad guys" controlling the botnet don't care. The website owners who are being attacked by zombie Macs don't care. Apple doesn't care as they have seen fit to release an OS X patch to fight this.

    It seems that the only people who care are the Apple fanbois who want to deflect attention from the real damage this has caused to 1% of the Mac installed base, a percentage that is on par with Conficker (except that as an American, I notice that Conficker barely infected any American computers while Flashback has been hugely successful in the US so Flashback is actually orders of magnitude worse than Conficker to Americans).

    So keep arguing that this isn't a virus as 660,000 Macs get infected, then 700,000 Macs, then 1,000,000 Macs. They'll be relieved to know that their Macs were breached by something that doesn't fit the definition of a virus.
    • It's not often I agree with you

      but in this case you are spot on.
    • I agree

      too many users are hung up on the term "Virus", whereas in fact most infections over the last decade on all platforms have not been viruses, but general malware.

      Who cares if it is a virus, a trojan, a worm or something else, who cares if it uses social engineering or phishing? Malware is malware, it is a bad bit of software and users need to take the threat seriously.

      For technical users, using script blockers and common sense will probably keep them clean - I've been using computers since 1981 and I have never had an infection (hastily touches wood). I've had AV software installed since the early 90s, but I couldn't tell you what an alert looks like, because I've been lucky and I use all the major platforms, OS X, Windows, Linux and UNIX on a daily basis, so I'm not commenting as a fanboi of any particular platform.

      For non-technical users, who don't have a clue about computers or web sites (the vast majority of users and probably the vast majority of users that will get caught out by such malware), they need some protection.

      This is why I think Apple's attitude to security (bury their head in the sand and hope the nasty will go away before anybody notices) is so abhorrent. They had a reputation for providing a very secure platform, but every time they believe their own hype and don't take threats seriously (they had 6 weeks in order to make this a non-story, but they didn't release the patch until after an exploit actually appeared).

      For the average user, installing security software is a good idea, regardless of platform - as long as it works.

      But the security software (we have to stop calling it Anti-Virus, because most attacks aren't viruses these days) needs to be updated as well. The number of machines I come across which are "protected" with Norton 2005 or McAfee from 2002, which were "3 month" trials sold with the computer is unbelievable.

      "Users" need education about how security software works and why they need to keep it up to date, even if that costs them some money.
    • Security terms often mean little in the end.

      Just take a simple read from Intego as to why this is not a trojan. It's simple. It's all about the delivery system.

      In the end, information about the delivery system is very important as pertaining to how to avoid it, if possible. But in the end, it's what it does that is the real issue once you have it.

      Certainly there are situations where what a virus may or may not do, what a trojan may or may not do, what a drive-by download may or may not do in the end, may be better or worse depending on the payload. So for Mr. Joe Average the real issue is not a specific name by definition that matters so much as compared to what to do to avoid it and what it's going to do to your computer if you get it.
  • Honestly

    There's a large portion of those that own Macs who will reason away the need for antivirus software... Reality, the very idea that the Mac is impervious to such threats has created this illusion in their minds.

    The downside of this, it will be the end of the Mac as we know it and all of those that fled to Apple for safety will be asking why they spent the extra money, if this thing turns into a regular event.
    • Depends.

      I guess it depends first of all what one defines as a regular event.

      There can hardly be a different conclusion than that it's going to be 'more' of a regular event than it was in the past.

      One thing that also seems to be assured if past history is any kind of predictor for the future; and I am told it is. That is, if Mac users largely ignore the inevitability of continued ongoing threats by refusing to install AV and take stronger security precautions, it will be more likely to become a bona fide regular event with all the right ingredients for a Mac disaster in the waiting.

      One thing Mac users have never come to grips with is the obvious and simple fact that despite the ongoing deluge of attacks against Windows it has managed to hold strong, so strong that the world still largely relies on it. That wouldn't have been so likely if Windows users en masse decided they didn't need AV and strong security measures. Even when they are not working as well as hoped they clearly have worked well enough and the Windows world has yet to suffer a catastrophe. If Mac users take action it will likely hold true for them as well.
  • How interesting to see the infection rates then

    Approximately 10 times more Linux computers were part of the Flashback botnet than Windows computers. Considering the staggering amount of Windows computers out there when compared to Linux computers, this Flashback botnet has made a mockery of Linux security, your precious LSM, and your reputation.

    While this Flashback malware is making its rounds, Windows is the safest operating system on the Planet, as confirmed by several companies with reputations that far exceed yours.
    • BS on your claim.

      One, cite your source otherwise it's talk.
      Two, Client side is NOT Server side. Security for the two differs and varies according to the implementation.
      Nice try. But LSM on client PCs works as advertised.
      Dietrich T. Schmitz *Your
  • The real problem

    I may get hammered as an idiot, but I understand the vector as java via browser. In which case, one would have to know how to get one's browser and jvm into that sandbox. I have 90th percentile (entire computing population) Linux admin skills and I wouldn't know how.

    I still am of the opinion that you overlook the BSDs whenever you add -est to your adjectives. I exclude Darwin and OS X from that group.

    I voted no. I still don't use anti-malware on the Windows things I use, though my exposure is 99:1 in favor of OS X.

    For years, I've thought anti-virus is a racket. Maybe when one offers a 100 dollar per incident guarantee, instead of all the as-is, we have your money, and you are still on your own language in EULAs.
    • Different strokes...

      I have kids.
      I have antivirus, anti-malware, anti-anything I can that works.
      Btw... It has.
  • Out of curiosity

    Was LSM used with the Linux based servers for the Sony network, kernel.org, and/or the Linux Foundation? Just curious if it was, or if use of it could have prevented the issues those servers had.
    • @DTS

      Why is it when someone asks about the 3 incidents I mentioned above all we hear from you is the sound of crickets chirping and see tumbleweeds blowing by?
  • Because . . .

    "Linux with LSM: The safest operating system on the Planet."

    Because it's also the rarest operating system on the planet, and no hacker bothers with it.