Nearly 600,000 Macs Hit with Flashback Trojan Malware


« New Site Announcement: parental control software reviews | Main | Mac OS X Flashback Trojan Fix in the Works by Apple »

04/06/2012



Nearly 600,000 Macs Hit with Flashback Trojan Malware

Kevin R. Smith
Co-Editor




Many a blog have I written about the necessity of Mac antivirus software, hoping to get at least a few people to drop their delusions about how the Mac and Apple's OS X are impervious to viruses.

Now, don't get me wrong, I'm not trying to start a PC vs Mac flame war/battle. Really. (They're useless.) Nor do I want this to be an, "I told you so."

What I am saying is this: If it has a CPU, chances are at or near 100% that a virus can be written to attack that computer. It's only a matter of time 'til it happens. And, yes, some computers, operating systems, and software are inherently more secure.

Even still, it's important to realize "more secure" doesn't mean "secure."

In a way, we should consider ourselves lucky, like the MacDefender fake antivirus malware, this one is also getting a lot of coverage in the press and elsewhere, so it's raising the specter of viruses being mainstream for the Mac like they are for the PC.

And with that knowledge comes greater understanding of what can be done to protect ourselves. In this case the understanding came because Russian antivirus firm Dr Web uncovered the 550,000 strong botnet that spread via Trojan Backdoor.Flashback.39.

F-Secure also has a good write-up / manual removal instructions on how to remove the Trojan-Downloader:OSX/Flashback.I.

And, if you're a Mac user and you haven't yet gotten it, Apple has an important Java security update. (A Java exploit being the channel through which trojan is infecting the Mac to begin with.)

My $.02, if you're looking for antivirus software for your Mac, our testing is incomplete, but so far we like BitDefender Antivirus for Mac, so if you're in the market, take a look.


UPDATE

Turns out this Mac Trojan isn't some little deal. The folks at F-Secure have found out Mac Trojan Flashback.B Checks for virtual machine!

What's so significant about that?

Nearly all antivirus researchers rely heavily on virtualization software like Virtual PC, VMWare, Parallels, VirtualBox and others to help their research.

Using virtualization software allows the researchers to investigate viruses with the added safety net of doing so in a contained environment. And, in doing so they're able to more easily explore the innards of many viruses.

The malware writers for Windows have figured this out, and many of the most advanced viruses check to see if their virus is running inside a virtual environment and, if so, they shut down, thus making research slower, more tedious, and a lot more difficult.

This is one of those things that's been going on in the Windows virus arena for a long, long time. What's really unexpected though is that it's already showing up in a Mac virus, which on a couple of levels means virus writing is a lot more advanced for the Mac than many virus researchers--and certainly the general public--ever imagined.

The bottom line: if you're running a Mac and you don't have Mac antivirus software, it's time to consider it.

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.