Apple Not Acting Fast Enough To Counter Flashback Trojan
A security expert has told IBTimes UK that he believes Apple has not acted quickly enough in response to the Flashback trojan, which has reportedly infected over half a million Macs around the world.
Apple today issued a statement about the malware, stating it was working on software "that will detect and remove the Flashback malware." While it has issued a patch, this only works for people running Mac OS X 10.6 and above, meaning all Macs on OS X 10.5 and below are still vulnerable. No specific date has been given for the release of the removal software.
News about the Flashback trojan emerged last week when Russian antivirus company Dr. Web claimed the malware had infected 550,000 Macs around the world - the figure was later revised upwards to 600,000.
The Mac Flashback trojan has been around since 2011, and exploits an unpatched Java vulnerability within Mac OS X. While Oracle and others issued a patch for the Java vulnerability back in February, Apple only closed off the malware's main entry point with a Java update last week, on 3 April.
What has surprised many is the size of this botnet, with many people believing that Apple Macs were nowhere near as vulnerable to malware and viruses as Windows-based PCs. However, Rik Ferguson, Director Security Research & Communication EMEA at Trend Micro, says this type of malware has been around for some time but is only now growing:
"Malware has existed on the Mac platform since pre-OS X days, as have anti-malware tools. However the radical change in the nature of the malware industry coupled with Apple's huge success in recent years, means it is a trend which is now far more likely to be exploited for malicious ends and at the financial cost of the end user in the coming months and years."
However Ferguson believes Apple has been far too slow in reacting to the threat of malware:
"Security updates issued by Apple are issued too slowly and not on any regular schedule. In this particular example, the most recent security update contains fixes for many vulnerabilities. The specific fix in question comes about six weeks after Microsoft, Adobe and Oracle released their fixes."
Ferguson continues: "Apple's sluggishness on security updates could perhaps have been defended in the past by the relative paucity of malware on that operating system, however Mac OS is increasingly attractive and increasingly exploited by criminals."
When asked if Apple needed to speed up its efforts at fixing these types of problems, Ferguson said: "Should Apple start patching more quickly? In general terms, yes and particularly where an exploit is in-the-wild. This is certainly one area where Apple could learn a few lessons from the much abused Microsoft, in terms of the release of security bulletins detailing vulnerabilities and applying a graded rating system."
Ferguson believes that Apple's unwillingness to talk about the issue openly is not only harming its customers, but also inviting criminals to attack the obvious vulnerabilities:
"It is misguided to believe that the simple act of not talking about publicly disclosed, and worse, actively exploited, vulnerabilities will protect your customer. Criminals follow vulnerability trends and abuse them as soon as code is available."
There are a number of ways to check if your machine has been infected. The most straightforward is to go to Dr. Web's online Web utility, which will cross-reference your hardware set-up with its own database of machines that have been compromised. If it doesn't find your machine, you're in the clear.
Alternatively you can use the Terminal application, found in your Mac's application folder and run a trio of Terminal commands. All you need to do is copy and paste each of the strings of code below into the Terminal window and the command will run automatically.
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If you are not infected, the Terminal window will tell you the domain/default pair "does not exist." If you are infected, however, the Terminal will show the path where the malware has installed itself.
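The three checks above, wrapped in a script that interprets the results, as an added example that is not part of the original article. `DEFAULTS_CMD`, the function names and the exit codes are assumptions introduced here, not anything Apple or Dr. Web ships.

```shell
#!/bin/sh
# Added example. DEFAULTS_CMD is a hypothetical override, used only so the
# logic can be exercised with a stub on a machine without macOS `defaults`.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_pair DOMAIN KEY
# Returns 0 if the pair does not exist (the clean result the article
# describes), 1 if it holds a value (printed for follow-up), and 2 if the
# defaults tool is unavailable, so a missing tool is never read as "clean".
check_pair() {
    command -v "$DEFAULTS_CMD" >/dev/null 2>&1 || return 2
    if value=$("$DEFAULTS_CMD" read "$1" "$2" 2>/dev/null) && [ -n "$value" ]; then
        printf 'SUSPECT %s %s = %s\n' "$1" "$2" "$value"
        return 1
    fi
    printf 'ok      %s %s (does not exist)\n' "$1" "$2"
    return 0
}

# check_flashback: runs the article's three checks and returns the worst
# result seen across them (0 clean, 1 value present, 2 tool missing).
check_flashback() {
    worst=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        pair_rc=0
        # Split on the last space: the key never contains one, $HOME might.
        check_pair "${pair% *}" "${pair##* }" || pair_rc=$?
        if [ "$pair_rc" -gt "$worst" ]; then worst=$pair_rc; fi
    done
    return "$worst"
}

# Run the checks only where a defaults tool is present (i.e. on a Mac).
if command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
    check_flashback || echo "Review the entries above (exit code $?)."
fi
```

A `SUSPECT` line only means the key holds a value; the printed path still has to be examined before concluding the machine is infected.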
If you are infected and don't want to wait for Apple's software update to roll out, then security firm F-Secure has published a detailed step-by-step guide to removing the Flashback trojan from your Mac.
Apple has not announced a specific date when the software will be available to remove the Flashback trojan but it has said that people using Mac OS X 10.5 or below should disable Java in their web browsers to better protect themselves.