Full Disclosure: I used to be one of those Mac users who wasn’t too concerned with malicious links and suspicious emails because, hey, I use a Mac and Macs aren’t that susceptible to malware. … Oh how I miss those days.
Mac malware is on the rise, with an estimated 600,000 computers affected by the Flashback Trojan at the moment and another exploit taking advantage of a security flaw in outdated Microsoft Office for Mac files. Here’s some information on the Flashback Trojan’s effects, from PCMag:
The Java flaw exploited by the so-called Flashback Trojan dates back to February, but Apple did not release a patch until April 3. As a result, approximately 550,000 Macs were infected, according to data released this week from anti-virus vendor Doctor Web.
Doctor Web today provided a few more details about the proliferation of the Flashback Trojan. Almost 350,000 of the affected devices were in the U.S., with about 125,000 in Canada, and 75,000 in Great Britain.
In the U.S., Manhattan-based Macs saw the largest number of traceable infections at about 5,000, followed by Brooklyn, Los Angeles, and Chicago. But the whereabouts of almost 18,000 affected Macs was unknown, Doctor Web said.
In Canada, Toronto was hardest hit (14,000), while Londoners were most-impacted in the U.K. (almost 20,000). For more details, see the map below.
As PCMag’s Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.
And this is how the Microsoft Office exploit works (from PCWorld):
Cluley’s comments come in the wake of the discovery of a new threat that bypasses OS X’s built-in security protection features. Last week, AlienVault reported that it had encountered a malicious Microsoft Office for Mac file that on the surface appeared to be targeting non-governmental organisations in Tibet.
“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record,” wrote Jaime Blasco on the AlienVault Labs blog. “An attacker who successfully exploits this vulnerability could take complete control of an affected system.”
Fellow security firm Intego, in a blog post last Thursday, warned that it was necessary to make sure you keep all software updated—not just anti-virus programs—as, though this attack seemed to be targeted, it could be adapted for use against other OS X systems.
“These Word documents exploit a Word vulnerability that was corrected in June, 2009, but also take advantage of the fact that many users don’t update such software,” said the Intego blog post. “Word 2004 and 2008 are vulnerable, but the latest version, Word 2011 is not. Also, this vulnerability only works with .doc files, and not the newer .docx format.”
In the wake of these new issues, some studies are showing that Apple users are even less prepared for the malicious onslaught than their Windows-using counterparts. It turns out that complacency is the issue. We’ve apparently been lulled into a false sense of security (admit it, we knew the lack of Mac malware wasn’t going to last forever) and because of that security we haven’t been keeping up-to-date on actual security measures, like anti-virus software and program updates. From PCWorld:
In the face of new threats aimed at OS X, a security expert said that Mac users may be even more vulnerable than Windows users who are more likely to be running up-to-date anti-virus programs. Graham Cluley of Sophos says that many Mac users are missing a “valuable safety net.”
Mac users should make sure that they have some form of protection, Cluley said. However, keeping your computer safe from cybercriminals isn’t just a case of having anti-virus programs installed. It’s about making sensible choices as well. …
“The only difference is that if you’re running Windows, you’re much more likely to have protected yourself with up-to-date anti-virus software which acts as a valuable safety net.” …
“Don’t be fooled into thinking that you are protected by Mac OS X itself, which will ask for an administrator’s username and password to install software,” said Cluley. “Neither the
/$HOME/Library/LaunchAgents folders on Mac OS X require root privileges—meaning that software applications can run in userland with no difficulties, and even open up network sockets to transfer data.”
So the bottom line is, update your programs regularly and install solid anti-virus software no matter what system you use or how good you think you are at avoiding malware.
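The quoted point that the `$HOME/Library/LaunchAgents` folder does not require root privileges is something a user can check for themselves. The following is an added example, not code from this post or the quoted articles: it lists each launchd job definition in a directory and notes why it may merit review. The function names, the sample jobs, the `/Users/alice` home and the review rules are all assumptions made for illustration.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

def audit_launch_agents(agents_dir, home):
    """Summarise each launchd job in agents_dir and list reasons to review it."""
    findings = []
    for path in sorted(Path(agents_dir).glob("*.plist")):
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception:  # malformed or unreadable job definition
            findings.append({"file": path.name, "label": None, "program": None,
                             "reasons": ["unparseable plist"]})
            continue
        args = job.get("ProgramArguments")
        if not isinstance(args, list):
            args = []
        # launchd runs Program if set, otherwise the first ProgramArguments entry
        program = str(job.get("Program") or (args[0] if args else ""))
        reasons = []
        if job.get("RunAtLoad") or job.get("KeepAlive"):
            reasons.append("starts without user action")
        if program.startswith(str(home).rstrip("/") + "/"):
            reasons.append("program is in the user's home (no admin rights needed)")
        if any(p.startswith(".") for p in PurePosixPath(program).parts):
            reasons.append("program path has a hidden component")
        findings.append({"file": path.name, "label": job.get("Label"),
                         "program": program, "reasons": reasons})
    return findings

def build_constructed_samples(agents_dir):
    """Write constructed sample job definitions (not real-world indicators)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.example.helper.plist": {"Label": "com.example.helper",
            "Program": "/Users/alice/.helper/run", "RunAtLoad": True},
    }
    for name, job in samples.items():
        with open(Path(agents_dir) / name, "wb") as fh:
            plistlib.dump(job, fh)
    (Path(agents_dir) / "broken.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    # On a Mac, pass Path.home() / "Library/LaunchAgents" and Path.home() instead.
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for f in audit_launch_agents(tmp, "/Users/alice"):
            print(f["file"], f["label"], f["program"], f["reasons"])
```

An entry with reasons listed is not proof of malware; it is a prompt to confirm that you recognise the software that installed it.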