back to article 550,000-strong army of Mac zombies spreads across world

The Mac-specific Flashback Trojan created a zombie army of 550,000 Mac machines by exploiting a Java hole that Apple only patched on Tuesday, six weeks after Microsoft plugged it up on Windows machines. This is according to Russian anti-virus firm Dr Web, which arrived at the figure after it successfully managed to sinkhole …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Oh my....

    The shadenfreude...is just too delicious to bear......

    1. g e
      Facepalm

      Re: Oh my....

      Appleists haven't got over the 'loss' of Instagram yet, either

      I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

      1. Audrey S. Thackeray

        I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

        I had a crocodile pie once and it was more like flavourless haddock than chicken.

        Of course it is possible I had a haddock pie and some Aussie pie flogger had a giggle at my expense.

        1. Someone Else Silver badge
          Coat

          I had Haddock once

          ...but I took some Motrin, and it went away.

          (You know, when someone hangs a curveball, you just gotta take a swing at it....)

      2. Anonymous Coward
        Anonymous Coward

        Re: Oh my....

        You should have been around earlier.

        Clearly El Reg aren't getting enough page views so they've posted the same story twice.

        http://www.theregister.co.uk/2012/04/04/apple_java_update/

      3. Scott 1

        I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

        I can't say about crocodile, but I've had alligator on several occasions. That is indeed rather chicken-y.

      4. Steve the Cynic

        Re: Oh my....

        My recollections of crocodile meat, from when Sainsburys sold it as precut strips, around 1998 or so, I think, are:

        1. It has a distinct texture that vaguely looked like it would go in flakes (like white fish does) as I cooked it, but was meat-like rather than fish-like, and didn't flake at all. The texture was more like beef or lamb than it was like chicken.

        2. It was nearly white in colour, which added to its resemblance to fish.

        3. It had distinct, but not particularly strong, flavour that was not very much like chicken.

    2. Arctic fox
      Windows

      Re: Oh my......."The shadenfreude"

      I have to admit it is so veeeery tempting. However, I hope that Cupertino really take this as a warning and get their collective arses into gear. None of us is served by this kind of shit (I know, I smiled as well) and it is best (in my humble opinion) that we recognise that we are all in this together (whether we like it or not) and act accordingly.

    3. Anonymous Coward
      Anonymous Coward

      Re: Oh my....

      Any corroboration? This is a single claim.

      Has anyone confirmed his findings?

    4. Frank Bough
      FAIL

      Re: Oh my....

      You're living in a dreamworld. I've been a Mac user since 1989. Total viruses, trojans so far? 0.

      I'm sure you can spin that the wrong way if you try REALLY hard.

      1. Rune Moberg

        Re: Oh my....

        And I have been a Windows NT user since 1993.

        Number of malware so far (not counting that awful PowerDVD crapware that came with my burner): 0.

        Most of that time I have surfed with Javascript disabled. That fended off quite a few threats in the early years.

        I also avoid installing any antivirus products. They lead to a false sense of security. Case in point: I've helped people clear trojans that their AV software only managed to pick up on after quite some time (I kept a sample at work where we are forced to use AV software).

        OSX has grown in popularity. Welcome to your worst nightmare.

    5. Anonymous Coward
      Anonymous Coward

      more like shaden BS ..

      More like shaden BS if you ask me ..

  2. Anonymous Coward
    Anonymous Coward

    Oh the humanity!

    Shame on you, El Reg, for such terrible, self-evidently baseless scaremongering.

    The creed of the True Believer has always held that Macs don't get viruses.... ;)

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh the humanity!

      cue the "it's not a virus... it's a trojan... don't you know the difference.. .blah blah blah..." from the pedants out there...

      1. Gerhard Mack

        Re: Oh the humanity!

        It's only a trojan if a user has to install something. This is an honest to goodness virus and anyone who says otherwise is just flat out wrong.

        1. stanimir

          Re: Oh the humanity!

          The definition is correct, why the downvoting? Generally, "trojan" refers to a malicious program that requires a user consent. It just pretends to be something else while performing rogue tasks.

        2. Anonymous Coward
          Gimp

          Re: Oh the humanity!

          erm you have to type in your admin password for it to install

          and if it detects any software like little snitch (and even Xcode!!) it won't install!

          I'd like to see where they got these numbers from - are they selling anything?

          1. Darryl
            Gimp

            Re: Oh the humanity!

            erm no you don't. RTFA:

            "The Flashback malware was capable of installing itself on unprotected Mac machines without user interaction, a factor that goes a long way in explaining the success of its spread. Users become infected simply by visiting a site loaded with exploit code, in drive-by-download-style attacks."

            Besides, I would think the best response to something like this happening is "Gee, I should make sure my software is up to date and I have a working antivirus."

            Not

            "They're making this up!" or "Oh yeah, well Windows gets viruses too, so there!"

            1. Frank Bough
              FAIL

              Re: Oh the humanity!

              MacOS AV software is an even more pathetic scam than Windows AV is.

              1. Mike Flugennock

                Re: Oh the humanity!

                "MacOS AV software is an even more pathetic scam than Windows AV is..."

                I figured that out after about four or five years of struggling with Virex, and pretty much everything from Norton or McAfee. Also, by that time (early '90s), the Web was just starting to become widespread, and so there was a whole new set of common-sense do's and don'ts for how to handle things like Java, JavaScript and unsolicited downloads, not to mention all the attention of malware authors seemingly shifting to Windows. Back then, I was still using a scanner to check my downloads for viruses, but I'd ditched my automatic self-running AV suite -- the stuff that would run at boot time, and barge in to check every file I opened -- because it was slowing my system to a crawl and was getting to be a bigger pain in the ass than it was worth.

          2. Mike Flugennock

            Re: Oh the humanity!

            erm you have to type in your admin password for it to install...

            Yeah, that's right; almost forgot that...

            and if it detects any software like little snitch (and even Xcode!!) it won't install!

            I'd like to see where they got these numbers from - are they selling anything?

            Good point. Also -- for some reason -- I'm suspicious of that outfit simply because they're Russian. Makes no sense, I know, but...

          3. Franklin
            Thumb Down

            Re: Oh the humanity!

            "erm you have to type in your admin password for it to install"

            Actually, you don't.

            It's a bit of an odd duck, this one. It asks you for an administrator password, but you don't actually have to type it.

            When the malicious Java applet runs, it attempts to download additional code. To do this, it prompts the user for an administrator password. If the user is gullible enough to type it, the downloader installs a payload in the Mac's Applications folder, and (I believe) sets it to run automatically at startup.

            If the user *doesn't* type the administration password, the downloader installs a hostile payload in the user's home folder. This payload runs in userland, without administrator privileges, and I'm not certain but I don't believe it runs on restart (and it certainly doesn't if the user restarts and logs in to a different account). It's a lot more limited in what it can do, but it does still run, and (if the user doesn't have the firewall enabled) does seem to have the capability of making outside connections.

            So the upshot is: No, you don't have to type an admin password. If you don't, the infection is somewhat mitigated, but it is still effective.

    2. Mike Flugennock

      Re: Oh the humanity!

      I've been a "true believer" since '85 and, iirc, one of the first major viruses discovered in the wild -- or at least the first that got any media attention -- was a Mac virus, around 1988 or '89.

      I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word -- but one of the first things I learned twenty-odd years ago was to not be complacent. I still think criticism of Windows for its defaults being set to "hack me, root me, trojan me, pwn me" out of the box, but I've always paid close attention to virus/malware reporting in the Reg and elsewhere as I knew sooner or later some miscreants would get around to doing a Mac virus or trojan, and I wanted to be sure I was ready for them (Firefox/NoScript/Adblock/Flashblock/LittleSnitch FTW).

      1. Arctic fox
        Thumb Up

        @Mike Flugennock Your post demonstrates very clearly that as a Mac-user you,......

        "I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word "

        ..........on the basis of your posting, do not remotely fall within the definition "fanboi" - in contrast to a certain number of the postings we get here at El Reg from a particular proportion of Cupertino's fan-base. I work with a number of "Mac-folk", amongst others, graphic designers and scientists - I would not describe any of them as "fanbois", serious people all of them for whom I have a great deal of time.

        -:)

        AF.

        1. Mike Flugennock

          Re: @Mike Flugennock Your post demonstrates very clearly that as a Mac-user you,......

          Thanks. The first computer I ever used or owned was a Mac; the design shop I was working got some in early '85, and I bought my own shortly after that. I think that if I'd used any system other than a Mac, I would be totally fearing and hating computers now. As it was, I was able to explore and experiment and learn about how computers and networks work because the Mac "just worked"; I could concentrate on my work and on self-education with my computer because I wasn't spending half the day ripping my hair out trying to figure out why stuff wasn't working.

          But, aaaa-aaaanyway... long story short... yeah, I hate being tagged as a "fanboi" because I've used a Mac for over 20 years and really like it, but I can still dig where people are coming from when they fling that word around whenever I glance at the TV and see all those goddamn' hipsters lining up at 3:00 in the goddamn' morning to pay too much for iPhones and iPads... and I catch myself mumbling "jeezus, what a bunch of fanbois!"

    3. Frank Bough
      WTF?

      Re: Oh the humanity!

      Find a Mac with a virus in less than 24 hours and I'll buy you a drink.

      1. Rune Moberg

        Re: Oh the humanity!

        I am very tempted to say "find a Mac in my area in less than 24 hours and I'll buy you a drink".

        In my circles, there is about 1 Mac user for every 50 Windows user. True, it would not be hard for me to find an infected Windows machine, but it is because I know which particular user is most likely to have an infection at any given time. (OTOH maybe he has cleaned up his act by now, in that case I'd be hard pressed to find an infected Windows machine)

      2. Zippy the Pinhead
        FAIL

        Re: Oh the humanity!

        Well according to El-Reg you would be buying over a half million drinks as that is the number reported to have been infected by this drive-by infection.

  3. ChrisM

    Critical Mass Acheived

    Must be worthwhile targeting Apple now, plus Apple users are generally higher net worth.

    As has been seen before, the OS isn't the route in.

    1. Anonymous Coward
      Anonymous Coward

      Re: Critical Mass Acheived

      Easy target too. All you have to do is look at what's patched in the latest Java release from Oracle - you've then got at least a couple of months to come up with a Mac exploit.

      1. Anonymous Coward
        Facepalm

        Re: Critical Mass Acheived

        The thing is I can definitely remember clearing a virus from about 20 production Macs over 20 years ago in System 7 - no idea what it was called now.

        Anyone who ever said Macs can't get a virus was an idiot, same as anyone who either repeats or claims such nonsense now

  4. Shardik
    Pirate

    Oh rilly

    Just shows Mac users have the same level of stupidity as PC users. So what's new...

    "Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "

    D'uh... what if I just enter my password here...

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh rilly

      RTFA again. That was version 1 of the virus. Version 2 didn't require any user action.

    2. Mike Flugennock

      Re: Oh rilly

      Just shows Mac users have the same level of stupidity as PC users. So what's new...

      D'ahh, not so fast. See my previous comment re: encountering my first Mac virus in the late '80s.

      "Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "

      Hey, c'mon, I'd have to be totally rock stupid to give the admin password to something trying to execute which I don't even recall asking to download. Add to this the fact that I installed NoScript, AdBlock Plus, FlashBlock and LittleSnitch ASAP after upgrading to OSX would indicate a level of stupidity approaching zero.

      Amazing how much a "fanboi" like myself can learn from paying close attention to the news about Windows viruses, trojans, malware and "social engineering" tricks in El Reg.

  5. TeeCee Gold badge

    Mustn't........laugh........

    "......capable of installing itself on unprotected Mac machines without user interaction...."

    Well at least there's no danger of Apple being sued over that one. MS have let the patents lapse through disuse.....

  6. Shane8
    Linux

    lol

    LOL a mac....

    Linux 1 - 0 Other

    1. This post has been deleted by its author

    2. Yag
      Thumb Down

      Re: lol

      Do you realize that this is an indication that an unix-based OS can be tinkered enough to allows it to be infected by a virus?

      I know, "thou shalt not log as root for trivial operations", but try to tell it to Mr Everyone...

      1. Chemist

        Re: lol

        It's well known that Unix/Linux systems can get viruses - the difference has been that they've never become a widespread problem.

        In any case if you want to be more sure in a Unix type OS use different accounts for different things.

        I have an account I ONLY use for really important stuff like banking and another for for visiting sites that MIGHT be dubious. It's so easy to switch why not. Unless you can't be ars*d in which case you deserve all you get.

        1. Anonymous Coward
          Anonymous Coward

          Re: lol

          @Chemist

          Separate accounts don't stop you getting a virus/trojan and if you get infected with your "dodgy stuff" account, you're still infected. If you used your "dodgy stuff" account and were silly enough to enter your root password or have software which runs as root (or even just a bit elevated) which has a vulnerability, you still have a seriously compromised system.

          1. Chemist

            Re: lol

            "dodgy stuff" account, you're still infected."

            "dodgy account " is still infected true but it's all just still extra layers of defence. Other accounts will not be so 'safe' account is still less vulnerable. Of course if a further vuln. allow escalation then that is a different matter.

            "dodgy account" by the way is deleted/recreated at weekly intervals

            Too complex a topic to describe in detail here but LONG complex passwords, multiple accounts, firewalls, NAT routers, Firefox/Noscript/ABP and a lot of other techniques alongside using Linux have kept me safe over the years.

            Keeping an eye on the logs is useful. I esp. look for SSH attempts which is my only open port ( protected by unusual port number, one unusual account name and a long, difficult password)

    3. sisk

      Re: lol

      There are Linux viruses in the wild and there have been for a while now. And that comes from one of your fellow Linux users.

      Basically if you're running without antivirus on any system, you're an idiot.

      1. Chemist

        Re: lol

        "Linux viruses in the wild"

        I didn't actually say that - the known viruses are more curiosities, they never spread far as the architecture is rather unfriendly. Most of the antiviruses look for Windows viruses to stop them being passed on.

      2. Anonymous Coward
        Anonymous Coward

        Re: lol

        I don't buy that argument about anti-virus and never have. It's good at detecting stuff that's been around the traps a while but none of them score 100% in tests so you're just flying under the assumption of protection. Avoiding these things requires a multi-faceted approach and I find anti-virus decidedly ex-poste. I've never ever run it on Linux and have never had an issue.

      3. eulampios

        Re: lol

        >>Basically if you're running without antivirus on any system, you're an idiot.

        Basically, If you rely on an antivirus to protect you against the weaknesses of your operating system, you are an idiot. If you knowingly running an OS that fails to address many security problems on its own to require some murky, obscured tools, you are an idiot squared.

      4. eulampios

        Re: lol

        >>There are Linux viruses in the wild and there have been for a while now.

        It would be nice to support this claim presenting names of the alleged viruses with the estimated numbers of infected Linux users, each linked to the corresponding sources. Otherwise, it is a never-ending FUD of an MS Windows fanboy.

        1. eulampios

          ὅπερ ἔδει δεῖξαι

          So, downvoting instead of providing actual sources. FUD it is.

          QED

        2. RAMChYLD Bronze badge

          Re: lol

          > It would be nice to support this claim presenting names of the alleged viruses with the

          > estimated numbers of infected Linux users, each linked to the corresponding sources.

          I'm starting off this post with "I'm not a Windows Fanboi", I run quite a few Unix systems in my lair (of which three runs different flavors of Linux, and one OpenBSD box acting as a router).

          That said: http://ubuntuforums.org/showthread.php?t=1349678

          This cropped up back in '09 . It caught my attention by appearing in an issue of LinuxFormat . I think it's proof enough that even friends of penguins aren't safe anymore.

          1. This post has been deleted by its author

          2. eulampios

            @RAMChYLD

            Ramchyld, so you're running an OpenBSD? Sure, no kidding? And may I ask, do you know, if a person starting the thread in your link is running plenty of OpenBSDs along with a Debian? And he/she is not kidding either:

            "I have installed a deb from a site claiming to be an Screensaver however it looked dodgy however I proceeded."

            Just, FYI, try not to install outside of central repositories, especially with sudo/root and/or binary only (even from gnome-looks. website) . With major distros/BSD users have a huge selection of various software, unlike their Windows counterparts. Possible reasons of going against such practices might be either recent switch from Windows, or a low IQ.

            Another "not-a-Windows-fanboy" had a similar joke http://forums.theregister.co.uk/forum/containing/1359363 . Yours is good too :)

            On a serious note, I've seen names of alleged Linux viruses and trojans on some antivirus makers' websites. All of them had nothing to claim about their relevance in the wild, except for a couple from the early 90s supposedly infected tens or hundreds of Unix users.

    4. Anonymous Coward
      Linux

      Re: lol

      A complacent penguin is an endangered penguin

  7. JakeyC

    Fanboi slates Java, misses point in 3, 2, 1...

    Only a matter of time until a Fanboi comes along to tell us how crap Java is, this isn't Apple's fault, Macs are still 100% virus-free and did I mention how good Apple are?

    1. Mike Flugennock

      Re: Fanboi slates Java, misses point in 3, 2, 1...

      Well, let's face it, Java is crap... and I've known since at least 1989 that Mac OS is vulnerable to viruses if I don't pay attention to what the hell's going on.

  8. n4blue

    Why...?

    Serious question - no Apple or Java bashing here. Why is it that Apple manage the Java updates for OSX when Oracle do them for Windows and Linux? From what I've read it seems Apple would prefer Oracle to do this, but how did they get into this situation in the first place?

    1. ThomH

      Re: Why...?

      As part of their desperate attempts to become relevant again c.1999, Apple built Java directly into OS X and made it an on-the-box feature. The OS hence not only could run standard Java apps exactly as if they were native but included a rich set of bindings so that you could write fully native apps directly with the native frameworks but in Java. Per its designers, Java descends more from Objective-C than from C++ so I guess Apple were positioning themselves to be able to go fully Java if the market embraced it, hence they needed direct control over the thing.

      In the end the market chose Objective-C (though revisionists don't seem to remember it this way), Apple worked on advancing that and deprecated the native Java bindings after only a few versions and dumped the default inclusion of the Java runtime at all as of the current version. Cyberduck is the only big OS X app I'm aware of with a Java core, Neooffice/J having once also been quite popular but probably not so much since Open/LibreOffice went native.

      It was quite stupid that Apple were still maintaining Java separately and more slowly, and this is exactly the sort of flaw that doing so has exposed. So it's good that they don't do that any more, though it's far from being Apple's only security problem.

  9. Anonymous Coward
    Anonymous Coward

    O/S

    So, you need to have Java or Flash installed. I have neither on my Mac, so am I safe ? Surely rather than bashing Apple, is this not the fault of Adobe and Oracle ?

    1. n4blue

      Re: O/S

      If you don't have Java on your Mac then you should be safe, yes.

      It's not the fault of Adobe (this time). The security 'hole' is in Java. Oracle patched this particlar hole in February, but Apple maintain their own version of Java fo OSX and it took them until Tuesday to issue a patch.

      1. Anonymous Coward
        Anonymous Coward

        Re: O/S

        They switched exploit (CVE-2012-0507, from CVE-2011-3544 and CVE-2008-5353) on March 16 I think.

    2. kain preacher

      Re: O/S

      What you are seeing is a back lash against Mac users. When Windows users pointed out that the flaw was in a 3rd party application fanbois shot back and said windows should of never allowed it to happenand macs don't get infected.

      1. Anonymous Coward
        Anonymous Coward

        Re: O/S

        Thanks for the reasonable reply - my post got so many downvotes even for asking a question.

        Apple vs Windows is worse than Liverpool / Everton or Arsenal / Tottenham.

        1. itzman
          Unhappy

          Re: O/S

          I've never tried installing Liverpool, Arsensal, Tottenham or Everton on my computer. What features do they offer?

    3. This post has been deleted by its author

    4. Mike Flugennock

      Re: O/S

      Good point. I don't have "runtime Java" installed that I know of, and I maintain a very tight whitelist in FlashBlock.

      Don't know enough about Oracle to comment on Java, but I have enough experience with Adobe products to know that Flash and Acrobat practically scream pwn me, PWN ME!

  10. EddieD

    Bloody, bloody java...

    I'm currently vulnerable to this, as my main install of Java is a bit out of date, but updating it on Windows, when you run as an user, is a pain - even if you authenticate as admin, it fails with a folder creation error, so you have to log out, login as Admin...yeah, I'm lazy.

    But not only that - a lot of programs that rely on Java (e.g. SPSS/PASW) use their own JVM to ensure that it is compatible, and these never get updated, which is a bit of a security hole...

    It's a shame it's useful, otherwise I'd just get rid of it.

    1. Tom 13

      Re: use their own JVM to ensure that it is compatible

      Yep. You don't want to get me started on programmers working on critical apps that depend on Java versions that Sun stopped supporting 2 years before they sold out to Oracle.

  11. This post has been deleted by its author

  12. Stuart Halliday
    Trollface

    Mac users will....?

    <Switches off SMUG mode>

    ;)

  13. Ross K Silver badge
    Mushroom

    But, but...

    they told me Apple computers didn't get viruses!

    Say it's not so Steve!

    http://www.youtube.com/watch?v=M3Z386vXrt4

    1. Anonymous Coward
      Anonymous Coward

      Re: But, but...

      Don't get Windows virus. Are you really so thick?

      1. Ross K Silver badge
        FAIL

        Re: But, but...

        Riiiight, anonymous fanboi. I never said macs did/didn't get infected by Windows viruses.

        English is obviously not your first language.

        1. Anonymous Coward
          Anonymous Coward

          Re: But, but...

          So lets examine you English skills

          Where in the advert does it say that Macs can't get a virus? - It doesn't, Not even once.

          They'r clearly talking about a Windows Virus. Which a Mac cannot get. Yes, they can pass them on.

          So you're original comment "they told me Apple computers didn't get viruses!" is actually completely wrong. They never said it at all.

          English may be your first language, but you're not very good at it. Stick to picture books

  14. Anonymous Coward
    Paris Hilton

    HAHAHA

    I DONT HAVE TO WORRY ABOUT MICROSOFT VIRUSES I HAVE A MAC

  15. A_Flat_Minor
    Holmes

    But...

    There are no viruses on Mac's.

    I was told this. It must be true.

  16. Mectron

    HAN! HAN!

  17. wowfood
    FAIL

    I've noticed a distinct dislike of Mac users on El Reg, nothing wrong with that, anyone who spends double the value because it has a customised version of linux on it deserves to be mocked. I mean really, I've tried using a mac, honestly I have. But its just terrible. Shame Microsoft is trying to copy them now.

    *jumps on the Linux boat*

    1. Scott Wheeler

      > it has a customised version of linux

      Macs don't run Linux, customised or otherwise.

      1. Bjorg

        I think he meant Unix. It's easy for the layman to get the two mixed up sometimes (like affect and effect for most people), so cut him some slack.

        1. Frank Bough

          Layman?

          I thought he was another holier than thou Linux user?

      2. Tim Bates

        >Macs don't run Linux, customised or otherwise.

        Sure they do - My mum ran Debian on an old purple PPC iMac for years.

        1. Anonymous Coward
          Anonymous Coward

          Yep, got Unbuntu running on an old PPC power book

    2. Frank Bough

      Tosser

      that about covers it.

  18. Anonymous Coward
    Anonymous Coward

    Enjoy the show

    Sit back, put your feet up, get the popcorn out and be prepared to watch the spark fly as the forumites kick off.

    Remember play nice girls and boys

    1. Anonymous Coward
      Anonymous Coward

      Re: Remember play nice girls and boys

      Now, where did I put the remote that turns on the rotation, tilt, and spikey things?

  19. Sean Timarco Baggaley

    "exploiting a Java hole that Apple only patched on Tuesday"

    Er, Apple aren't maintaining Java for OS X on their own. As your own article states, Oracle are involved in this release too.

    Apple are no more interested in keeping Java limping along than they are in supporting Flash on iOS. Both are obsolete technologies that have lasted well beyond their Use By date.

    1. Anonymous Coward
      Anonymous Coward

      Re: Apple aren't maintaining Java for OS X on their own.

      What bit of "only runs on OS X 10.7" did you not understand?

  20. Wyrdness
    Stop

    After checking that my Mac was clean, I thought that I'd see which version of Java is installed. So I typed java -version into bash. The result was:

    No Java runtime present, requesting install.

    Needless to say, I clicked cancel when it asked me if I wanted to install Java. So unless a user has explicitly installed Java on their Mac, then they're safe (this time).

  21. Jonathan White
    Meh

    Nice to see El Reg forums maintaining their usual standards...

    For anyone interested, instructions on checking for and removing the malware are here :-

    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

    The only observation I would make is that, of the number of active OSX computers in use (given the sales of OS updates & etc), 500,000 is actually quite a small percentage. So they've got off lightly, basically.

    1. Anonymous Coward
      Anonymous Coward

      Thanks

      Thank you for posting something useful!!!!!!!!

  22. NomNomNom

    This is BS. I have been operating a Mac and an IPod for years and I've NEVER, repeat NEVER, got a virus but I know people running windows who have get thousands of viruses all the time.

    Anyway a Trojan isn't even a Virus. Plus it's Javas fault, not Apples. and anyway Windows had viruses first.

    1. Aqua Marina

      @NomNomNom

      How do you know you NEVER, repeat NEVER, got a virus? Every Mac user I've come across in the last 20 years, has refused to install any Antivirus, therefore wouldn't actually know if they had got a Virus.

      1. Ted Treen
        Facepalm

        Re: @Aqua Marina

        ...then you haven't come across very many Mac users then, have you?

        Every Mac user I know (including me) has AV installed - if only to avoid inadvertently forwarding a Windows virus to a windows-using friend.

        Shock! Horror!

        Some of us Mac users DO have friends who use Windows - and we STILL talk to each other and remain friends...

        1. This post has been deleted by its author

        2. RAMChYLD Bronze badge
          Boffin

          Re: @Aqua Marina

          I agree. If you did not at least have Disinfectant in you Mac toolkit back when, you should be ashamed of yourself.

          And I'd like to add that I've lived through an ugly Autostart 9805 worm/virus infection on my old PowerMac G3 to tell the tale.

    2. Anonymous Coward
      Anonymous Coward

      to NomNomNom

      If you check I think you will find that the first 'virus' was written for UNIX

      1. eulampios

        @NomNomNom

        You may write as many viruses as you want. More interesting is how much chances they will have to infect and spread outside of the lab. For this matter count those viruses for *nix that have been allegedly detected in the wild along with the percentages.

        AMOF, This case shows that:

        1) Java runtime is a pretty dangerous technology to be allowed in a web browser, nothing to say it is almost always redundant stuff

        2) Apple is sloppy

        3) Oracle may also be sloppy

    3. largefile
      FAIL

      NonNomNom.... you really know someone (you said people which would be more than one person) with "thousands" of viruses on their computer(s)? I think not. So...we know that's not factual, so what else isn't factual in your posts?

      1. M Gale

        Actually...

        ...depends on how you define "thousands". I did once end up cleaning a computer that had well over 100,000 running copies of the same worm, each with its own executable in c:\windows\system. "Slow" doesn't begin to describe it.

        And yes, trolling troll is trollicious.

        1. Tom 13

          Re: Actually...

          I didn't have to clean it up, but our Sr. Tech did.

          Back in the early virus fighting days, Sr. Pilot fish installed really good AV that you can't get anymore (It didn't even trust updates it downloaded itself, and unless you'd granted explicit permissions to directories you couldn't write there either) on server for a client. Client got a virus. Virus said you the system was infected and could be cleaned, but the AV needed to be turned off first. AV was configured to quarantine, not delete and had been running for over a year catching many, many viruses and stopping them from infecting the system. Client dutifully turned off AV and proceeded to "clean" the infection. Which of course released EVERY virus from the quarantine.

          I was so glad I wasn't Sr. Tech that day.

          1. M Gale

            Re: Actually...

            Reminds me of something, that does.

            http://www.youtube.com/watch?v=8vxEimC3HME

  23. kain preacher

    NomNomNom is trolling

    Thank you and have a nice day

  24. Robinson
    Stop

    Please, stop arguing :)

    I have a Windows desktop with a Linux (Mint) VM, an iPhone and an iPad. I don't want viruses on any of my things!

    Arguments as to which is intrinsically safer are usually correct insofar as the history of Windows is that of a totally insecure OS having to evolve into a more secure one, leaving plenty of holes behind, coupled with the fact that it's by far the most common OS on desktops.

    I honestly don't think any of them are secure against the combination of determined attacker and non-expert users. My advice to anyone and everyone is to store anything important, encrypted, onto a memory key that you only plug in when you need it, never run as Administrator, use complex 128 or 256 bit passwords for all of your online banking activity, which you store in something like a KeePass .db (as there's no way you'll be able to remember them!), saved onto your encrypted memory key and try not to visit dodgy websites!

    I don't think you can do much more than that other than unplug your system from the internet or switching it off, whatever OS it is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Please, stop arguing :)

      For the truly paranoid among us, simply boot from a Fedora "Live" CD or usb stick for banking transactions, or reserve a notebook exclusively for banking, rebooting before use.

      This should guarantee a safe connection to your bank, free of any keyloggers, worms, viruses or trojans.

    2. Tom 13

      Re: Please, stop arguing :)

      I concur with everything except the "Please, stop arguing" bit.

      Now I'm off to get some more buttered popcorn.

  25. This post has been deleted by its author

  26. Patrick 8

    Or Just Run Mac Little Snitch like we have been saying all these years

    If anyone was lazy enough to lookup the install trojan details, it searches for Little Snitch is running on the Mac and if it is detected the trojan installer immediately quits the installer and deletes itself from the Mac running like a scared little girl!

    So much for anyone having any of these Windows Anti-Virus based companies Anti-Virus products for Mac product on your system, the trojan installs... Lolz

  27. N2

    The malware prompts for the administrator password

    nuff said,

    1. JohnG

      Re: The malware prompts for the administrator password

      RTFA. V1 did that but V2 doesn't require any user interaction.

  28. Dan Paul
    Joke

    Someone forgot to choose the "Troll" icon

    Looks like NomNomNom was "Trolling without an icon".

    Ms. Bee would have slapped his peepee for that.

    It's so much easier to tell intent when the proper icon is displayed.

    Can we please have a "Sarcastic Bastard" icon now?

  29. W.O.Frobozz
    Happy

    Ha ha ha

    Screw all of you...I know I'm perfectly safe with OS/2 Warp installed. You WinMac heads...have fun with your viruses!

  30. Feldagast

    Make it look Apple official

    Just make it when the virus asks to download something fake like its a official update from Apple, say its Siri for desktop, or even charge the users for it, 2 birds with one stone, fanbois will pay for you to infect their computers.

  31. Jean-Luc
    Trollface

    >Infected machines, not blank-eyed shuffling fanbois

    Phhhew. Thanks for clarifying.

    I was wondering if it was gonna be safe to get me morning espresso @ starbucks tomorrow.

  32. Anonymous Coward
    Anonymous Coward

    They need Norton Anti-Virus 2007

    Google: Symantec Sucks

  33. John Rose

    Can this Trojan 'infect' Linux distros (e.g. Ubuntu)? If so, what software (e.g. Firefox add on) can prevent it happening?

  34. Anonymous Coward
    Facepalm

    Pah!

    Sounds more like Dr. Web (anyone heard of them before?) found a way of getting LOTS of free publicity.

  35. figure 11
    Happy

    Safe

    My LCII has disinfectant installed. *is safe*

  36. This post has been deleted by its author

    1. M Gale
      Flame

      Re: Old school FTW

      I was hunting around looking for Draqgon 32 viruses, just to amusingly prove you wrong. I can't find any though, and I feel like I have to print something vaguely amusing, so instead you can all have this:

      "The Motorola 6809, used in the UK's "Dragon 32" personal

      computer, actually had an official "SEX" instruction; the

      6502 in the Apple II with which it competed did not.

      British hackers thought this made perfect mythic sense; after

      all, it was commonly observed, you could (on some theoretical

      level) have sex with a dragon, but you can't have sex with an

      apple."

      Icon for comical reasons.

  37. Jim Carter

    Whilst the schadenfreude is indeed very delicious

    It surely teaches anyone that security through obscurity is not a valid approach, as much as you want it to be.

  38. Max_Normal
    Facepalm

    @ Christopher Webb and Jim Carter

    Exactly! As soon as personal Mac and Unix boxes number the same as Windows on the interwebs, the virus writers will take note, and they will succeed too. Macs or Unix are not really more secure, just not as interesting or numerous to be worth it yet.

    http://www.theregister.co.uk/Design/graphics/icons/comment/facepalm_32.png

    1. Tom 13

      Re: @ Christopher Webb and Jim Carter

      I'm a Windows users, but I recognize that Linux and Mac (BSD) are actually inherently more secure than my preferred OS, but, and this is a BIG but, any time you dwadle with patches for known security vulnerabilities, the malware bastages are likely to run by and give you drop your drawers. If you look completely oblivious they may even tie your shoelaces together before they drop your drawers. And the Fanbois* have been completely oblivious for the last few years.

      *Mike, read your posts, you're NOT a fanboi.

  39. DJ Particle
    Thumb Up

    Eh, after I found out about the exploit weeks ago, I turned Java's interaction with my browser off until the patch came.

  40. Anonymous Coward
    Anonymous Coward

    Russian AV company wants free publicity

    The pertinent question is, does it install into the users home directory or is it system-wide?

    1. Stevie

      Re: Russian AV company wants free publicity

      I'm pretty sure the pertinent question is whether or not it has installed itself with escalated privileges.

  41. This Side Up
    WTF?

    "The Flashback malware was capable of installing itself on unprotected Mac machines without user interaction, ... Users become infected simply by visiting a site loaded with exploit code, ..."

    So visiting a web site isn't user interaction. It just happens.

  42. frood
    Thumb Down

    Another month and another shock virus claim...

    Symantec list this as a very low risk, it's been around for months. it does require a level of social engineering, you choose to download it and then choose to ignore a system warning about it being downloaded, and then if you give it the users password it installs. Most macs have the root account disabled and essentially rely on sudo. The latest release, as mentioned, does not require the password to do a limited install. which presumably means you'll be warned whenever it tries to install it's downloaded payload.

    Hopefully Oracle will roll the osx release into their main release cycle soon, Java has been depracated on osx since 2010 and has been in the process of being redacted into the main release ever since.

    Macs, like Linux, aren't virus immune. But both are a harder target.

  43. JOKM
    Stop

    Anti Virus

    It looks like just having antivirus apps installed means the app self deletes, presumably to hide how far its impregnated. I had AV on my mac for 3 years now and glad of it, anyone who doesn't install antivirus apps on their machines and im including linux guys on this is doing the equivalent of having unprotected sex with as many different people as possible, and not bothering with an STD test the day after.

    Also now apple have relinquished control of how java is ported to their machines and it is the responsibility of the open jdk project hopefully security hole fixes will be quicker.

  44. s. pam
    Joke

    Fook Me

    How on Earth did y'all find a picture of my ex-wife?

  45. Anonymous Coward
    Anonymous Coward

    Get protection before you get your mac-on.

This topic is closed for new posts.

Other stories you might like