So you’ve heard the news that there’s a new virus going around that targets the Mac OS, and which has already compromised an estimated 600,000 Apple users. Perhaps you thought Macs couldn’t even get viruses – many users are under this impression. Although it’s not nearly as common as on Windows platforms, the myth that Macs can’t be infected just isn’t true. It is possible and it does happen.
The scale of this particular attack though is held by experts as appearing to be one of the largest ever on Mac systems, perhaps marking the end of the carefree days of Apple users not having to worry about anti-virus programs. As the popularity of the computers and usage of the OS has spread, criminals are now finding ways to exploit and attack the machines.
Since Mac users are not used to malicious software attacks and virus threats, and many mistakenly believe they are immune, they make themselves particularly vulnerable to this new wave of security breaches.
Here’s the good news and bad news about the Flashback Trojan.
Good: The new threat, which is being called the Flashback Trojan is not technically a virus, it’s a Trojan Horse. This is good because it means it can’t self-propagate to infect other computers.
Bad: Although not a virus as such, it is malicious. Like other forms of malware, your computer is still vulnerable, and if you are infected the intruders can potentially hijack your machine, controlling it remotely and using it as part of a larger botnet.
“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.” Said Boris Sharov, the chief executive of Russian anti-virus firm Dr. Web, the firm that discovered the number of machines infected by the Flashback Trojan.
Trojans can also be used to mine your machine for personal information and log your keystrokes, making login IDs, passwords, credit card numbers and any other personal identifying information at risk of data theft.
Trojans typically masquerade as helpful software, in this case starting out as what appeared to be a safe browser plug-in.
The Flashback Trojan, also called BackDoor.Flashback.39, originally popped up last September disguised as an Adobe Flash update. After installation it disables certain security features and sends a message to the control server with a unique ID to identify the infected machine, allowing hackers to potentially control it.
More recent versions of the malware exploited a small Java vulnerability, using the weakness to install the code that infects the computer in lieu of the fake plug-in. Macs were primarily affected in this attack due to the fact that Apple supports its own version of Java. While Oracle patched the problem several months ago, Apple only issued a patch to close the vulnerability last week.
Users that have not downloaded and installed the newly released security patch to protect their Macs continue to remain exposed and at risk.
Although this treat reveals the need for Mac users to finally consider installing some form of antivirus to protect their computers from both future and existing threats, there are luckily a few ways to determine if you are infected by the Flashback Trojan and remove the malware software from your system.
We recommend F-Secure’s removal guide or, if you prefer a more visual guided step-by-step walk-through, you can get the same information in an easy to follow format at iJailBreak.com by clicking here.
In the end, if the fear of viruses attacking is too much to bear, you may just have to switch to Linux.