Malware Catches Up with Macs

Full disclosure: I used to be one of those Mac users who wasn’t too concerned with malicious links and suspicious emails because, hey, I use a Mac and Macs aren’t that susceptible to malware. … Oh how I miss those days.

Mac malware is on the rise, with an estimated 600,000 computers affected by the Flashback Trojan at the moment, and another exploit taking advantage of a security flaw in outdated versions of Microsoft Office for Mac. Here’s some information on the Flashback Trojan’s effects, from PCMag:

The Java flaw exploited by the so-called Flashback Trojan dates back to February, but Apple did not release a patch until April 3. As a result, approximately 550,000 Macs were infected, according to data released this week from anti-virus vendor Doctor Web.

Doctor Web today provided a few more details about the proliferation of the Flashback Trojan. Almost 350,000 of the affected devices were in the U.S., with about 125,000 in Canada, and 75,000 in Great Britain.

In the U.S., Manhattan-based Macs saw the largest number of traceable infections at about 5,000, followed by Brooklyn, Los Angeles, and Chicago. But the whereabouts of almost 18,000 affected Macs was unknown, Doctor Web said.

In Canada, Toronto was hardest hit (14,000), while Londoners were most-impacted in the U.K. (almost 20,000). For more details, see the map below.

As PCMag’s Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

And here is how the Microsoft Office exploit works (from PCWorld):

Cluley’s comments come in the wake of the discovery of a new threat that bypasses OS X’s built-in security protection features. Last week, AlienVault reported that it had encountered a malicious Microsoft Office for Mac file that on the surface appeared to be targeting non-governmental organisations in Tibet.

“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record,” wrote Jaime Blasco on the AlienVault Labs blog. “An attacker who successfully exploits this vulnerability could take complete control of an affected system.”

Fellow security firm Intego, in a blog post last Thursday, warned that it was necessary to make sure you keep all software updated—not just anti-virus programs—as, though this attack seemed to be targeted, it could be adapted for use against other OS X systems.

“These Word documents exploit a Word vulnerability that was corrected in June, 2009, but also take advantage of the fact that many users don’t update such software,” said the Intego blog post. “Word 2004 and 2008 are vulnerable, but the latest version, Word 2011 is not. Also, this vulnerability only works with .doc files, and not the newer .docx format.”

In the wake of these new issues, some studies are showing that Apple users are even less prepared for the malicious onslaught than their Windows-using counterparts. It turns out that complacency is the issue. We’ve apparently been lulled into a false sense of security (admit it, we knew the lack of Mac malware wasn’t going to last forever), and because of that false sense of security we haven’t been keeping up to date on actual security measures, like anti-virus software and program updates. From PCWorld:

In the face of new threats aimed at OS X, a security expert said that Mac users may be even more vulnerable than Windows users who are more likely to be running up-to-date anti-virus programs. Graham Cluley of Sophos says that many Mac users are missing a “valuable safety net.”

Mac users should make sure that they have some form of protection, Cluley said. However, keeping your computer safe from cybercriminals isn’t just a case of having anti-virus programs installed. It’s about making sensible choices as well. …

“The only difference is that if you’re running Windows, you’re much more likely to have protected yourself with up-to-date anti-virus software which acts as a valuable safety net.” …

“Don’t be fooled into thinking that you are protected by Mac OS X itself, which will ask for an administrator’s username and password to install software,” said Cluley. “Neither the /tmp/ nor /$HOME/Library/LaunchAgents folders on Mac OS X require root privileges—meaning that software applications can run in userland with no difficulties, and even open up network sockets to transfer data.”

So the bottom line is, update your programs regularly and install solid anti-virus software no matter what system you use or how good you think you are at avoiding malware.
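Cluley’s point above, that a per-user LaunchAgent needs no administrator password, is something a defender can audit. The following Python script is an added example (not from this article, Sophos or PCWorld) that parses launchd agent plists with the standard library’s plistlib and flags the patterns worth a second look: an executable launched from /tmp or another world-writable path, a hidden dot-directory, a label imitating Apple’s com.apple.* namespace, or RunAtLoad combined with KeepAlive. The two embedded agents are constructed samples and the prefix list is an assumed policy, not an official one.

```python
import plistlib
import posixpath
from pathlib import Path

# Launch paths a persistent per-user agent has no business using (policy chosen for this example).
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def agent_program(agent):
    """Executable launchd would run: the Program key wins over ProgramArguments[0]."""
    if agent.get("Program"):
        return agent["Program"]
    args = agent.get("ProgramArguments") or []
    return args[0] if args else None


def audit_agent(plist_bytes):
    """Return the findings for one LaunchAgents plist (an empty list means nothing was flagged)."""
    agent = plistlib.loads(plist_bytes)
    program = agent_program(agent)
    if program is None:
        return ["no Program or ProgramArguments: cannot tell what launchd would run"]
    path = posixpath.normpath(program)
    findings = []
    if path.startswith(USER_WRITABLE_PREFIXES):
        findings.append(f"launches from a world-writable location: {path}")
    if any(part.startswith(".") for part in path.split("/") if part):
        findings.append(f"executable sits in a hidden dot-directory: {path}")
    label = agent.get("Label", "")
    if label.startswith("com.apple."):
        findings.append(f"label {label!r} imitates Apple; Apple's own agents live under /System/Library/LaunchAgents")
    if agent.get("RunAtLoad") and agent.get("KeepAlive"):
        findings.append("RunAtLoad with KeepAlive: starts at login and is relaunched if killed")
    return findings


def audit_directory(directory):
    """Audit every *.plist in a LaunchAgents directory, e.g. Path.home() / 'Library/LaunchAgents'."""
    return {p.name: audit_agent(p.read_bytes()) for p in sorted(Path(directory).glob("*.plist"))}


# Constructed sample agents for demonstration; they are not real malware artefacts.
BENIGN = plistlib.dumps({"Label": "com.example.backup",
                         "Program": "/Applications/Backup.app/Contents/MacOS/backup-helper",
                         "RunAtLoad": True})
SUSPICIOUS = plistlib.dumps({"Label": "com.apple.update.helper",
                             "ProgramArguments": ["/tmp/.cache/updater", "-d"],
                             "RunAtLoad": True, "KeepAlive": True})

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, audit_agent(blob) or ["clean"])
```

Run `audit_directory` against your own ~/Library/LaunchAgents to list each agent’s findings; anything flagged deserves a look at what binary it points to before you trust it.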

  1. Trish says

    Something coming from a “I’m a Mac user, what did you expect using a PC?”
    I use both; a Mac is better for some things, a PC for others, but where was your outrage when you thought it’d never happen to you?
    Didn’t you ever stop to think it was because there are so many more PCs that they were targeted more often?
    I’ll feel pity when you beg the ones that you ridiculed for using a PC.

  2. says

    We now use an intel based engine.
    What did we expect?

    I think the solution to all of this is when perpetrators are found they are brought to a large stadium filled with the people whose machines they infected.

    A “discussion” would occur where those affected could express their feelings.

    The affected users would then leave.

    The men with the body bags would then come in to pick up any traceable pieces.

    Word gets out, only the suicidal would want to create malware.

    These are my thoughts, but I doubt if I would act on them.
    But it makes me so mad I think about it.
    Lost 2 flash drives with invaluable info on them.

    Hope I never see one of these useless excuses for humanity in a dark alley, really hope I do not.
