Mac Flashback Flaw Reused by New Malware Campaign

Malware criminals are on the hunt for Mac victims again, repurposing the Java-based vulnerability used by the Flashback bot to push a new drive-by web attack, security firm Sophos has reported.

It's a malware tactic that is taken for granted in the Windows world. A vulnerability in a common software interface -- in this case Java -- is hit multiple times by different malware campaigns, usually in quick succession.

The difference this time is that the attack is cunningly cross-platform, hitting Mac and Windows users.

On an unpatched Windows system, the attack installs a backdoor, whereas on Mac computers the attackers download a Python script to perform the same function. Although not as sophisticated, the latter still gives the hackers a lot of file-stealing and remote power over the Mac.

"This attack is quite different from the earlier Flashback attack, and may indicate that other cybercriminal gangs are exploring the possibilities of infecting Mac computers," commented Graham Cluley of Sophos.

"Although Windows users are generally pretty good at running anti-virus protection, Mac users are only just waking up to the need," said Cluley.

The good news is that the CVE-2012-0507 vulnerability will have been patched by many users in the aftermath of Flashback's publicity spike; the bad news is that the vulnerability is recent enough that some won't have patched it at all.

The determination to hit Mac users using cross-platform exploits can probably be traced back to the mostly-ignored "Boonana" Trojan from October 2010, the first time malware writers had set out to attack Macs using the same design they'd use to hit Windows.

For Mac users who don't want to stop using Java (some will find it inconvenient to do so), the price will be more such attacks. Java has been spotted as a Mac weakness, partly because it isn't currently patched quickly by Apple and partly because its users leave their computers unprotected.

Expect more attacks targeting the current crop of flaws as well as future ones.
