Flashback infections declining, but Mac users urged to be more vigilant

Even as the infections from the Flashback malware decline, researchers are calling for increased vigilance among Mac users. Details emerge on the role of WordPress-powered blogs in the outbreak.

Mac systems infected by the Flashback trojan are declining, but Symantec says that the decrease is not as rapid as would be expected with all of the removal tools, patches, and instructions that have been made available in the past week or so: "Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark."

As the dust settles around one of the most significant malware outbreaks for Mac systems to date, more details have emerged about how the botnet began in the first place and why North American users were hit harder than others. According to Kaspersky Labs, the trojan was at first distributed by social engineering only: users were duped into downloading a fake Adobe Flash plugin. What really made it catch fire in March of 2012 was a "cybercriminal partner program" that appears to be of Russian origin:

The partner program was based on script redirects from huge numbers of legitimate websites all over the world. Around the end of February/early March 2012, tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using vulnerable versions of WordPress or they had installed the ToolsPack plugin. Websense put the number of affected sites at 30,000, while other companies say the figure could be as high as 100,000. Approximately 85% of the compromised blogs are located in the US.

Whatever the outcome of this particular bit of malware, the era of Mac users' complacency regarding security is probably over -- or should be, according to many researchers such as Kaspersky. As this Ars Technica post reports, Kaspersky is trying to send the message to Mac users that invulnerability of any system is a "myth." With popularity and market share comes the accompanying burden of targeted attacks.

Are you currently using additional anti-malware software on your Mac, or are you thinking about installing it? Do you think the Gatekeeper security feature to be released as part of OS X 10.8 this summer will help crack down on the malware problem and make additional software superfluous? CNET's Elinor Mills was pretty high on its prospects from her look at the preview.

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

11 comments
JamesRL

But in the 90s, I was involved with anti-virus efforts at a major corporation that had both Macs and PCs. While there were more viruses for PCs, Mac viruses were not at all rare, and I would expect the same today. I had my first experience with a Trojan on April 1, 1987, and it was on a Mac.

bboyd

In 1990 my brother borrowed my disks and I lost my Comp Sci project at the time. Learned a couple lessons that year, beer and CS don't actually mix, CS was not my cup of tea and backup backup backup.

JamesRL

I was renting time on a Mac and had been working for 90 minutes straight without saving. The place that rented the time didn't charge for the 90 minutes, but I had to start from scratch. I wasn't the only one though, the trojan activated at noon, and many people got up and cursed.

wizard57m-cnet

Seems a Java worm ate it! (Just a joke, iFans! No need to get up in arms!) ;)

HAL 9000

Now I'm going to have to declare a Jihad on you for that comment. :p Col

Gisabun

I guess there will be a rise in Mac-based anti-malware. Who would have thought that a couple of years ago?

rhonin

For this issue, Mac users fall into four categories:
1. Macs are bullet proof and cannot be infected
2. It's a matter of time, set up for it now
3. It will happen sooner or later. I'll wait till it happens.
4. Huh? Say what? But Apple said.....
There is a rumor of a fifth category but as of this post it is still undefined.

Slayer_

Just look up the old topics.

Vulpinemac

Why is it that Kaspersky, Intego and other security agencies are only claiming about 150,000 remaining/new infections while Dr. Web from Russia is claiming 550,000--almost four times more?

rhonin

On Symantec, Dr. Web and other sites it defines the discrepancy. It is looking more and more likely the higher numbers are correct. If you want a quick look at the "why", jump over to ZDNet.

Gisabun

Who would you trust between them? The 650,000 isn't much of a drop since it was estimated that there were 700,000+ infected. 150,000 is a big drop but more likely after around 2 weeks of the crap floating around.