It finally happened: for the first time, Macintosh computers have been attacked by a trojan virus in a big way. Few viruses have ever targeted them before, and for decades Apple owners were told simply not to worry, that viruses were a Microsoft problem. Now the owners of over a half-million Mac OS X computers share the pain – and some of the vulnerability – that Windows users have long been familiar with.
The malware is called Flashback, and was discovered not long ago by Kaspersky Labs, a leading Moscow-based software security firm. Flashback can hijack a Mac without even an administrative password, because it exploits a flaw in Java. Though it was discovered last September and Oracle, the company that makes Java, patched the hole back in February, that didn’t solve the problem. It turns out Apple ships its own version of Java, and its patches weren’t issued until early April. (Obviously, the company has a learning curve about prompt and effective security responses in front of it.)
By now there are a lot of infected Macintoshes – not really all that many by Windows standards, but it can still spoil your day if you have one. The virus masquerades as an installer for Adobe’s Flash, and it can install itself. All you have to do is visit an infected website with an unprotected computer.
As of the latest reports, the trojan has created a botnet – a network of infected computers – which experts have named “Flashfake” and which so far seems intent merely on performing “click fraud.” This involves hijacking your web browser search results to generate false ad ratings.
The biggest danger, however, is that as long as a Mac remains infected, the virus designers could at any time download even worse programs onto it to steal passwords and wreak all kinds of havoc. So if you think you are infected, it’s definitely best to check with Kaspersky Labs’ free Flashback Check tool. Or use F-Secure’s free Flashback Removal Tool, which promises to eliminate the trojan as well as detect it.
These tools are probably the easiest way: various methods using command-line functions are posted online, but they may be a little advanced for some users. Once your machine is tested as clean, be sure to download Apple’s security patch. And of course, customers can always contact SWCP’s Tech Support if they need more help.
While the virus is indeed a problem, do not overreact. Macs have luckily avoided the attention of the bad guys in the past. Apple’s market share has been too small, and Mac OS X’s UNIX architecture is stable and secure. It is less likely that the wildly popular new devices such as the iPad will be so ignored in the future, and the lesson to remember here is that Apple products are not immune.
Though vendors of security apps report a major spike in sales of antivirus programs for Macs as a result, such programs might not be effective, or even necessary, at this point. Apparently, the virus deletes itself when it detects certain software development tools on the target system. However, it is totally unconcerned about most commercial antivirus products, including Norton, McAfee, and F-Secure.
Our techs report good success, however, with ClamX, so that’s what we recommend. The best defense in the long run, though, is to realize that the virus-writers are not nearly as intimidated by antivirus programs as they are by smart users. A little bit of Web savviness remains the most effective shield.