Kaspersky and Symantec both reported dramatic declines in the number of Macs infected with the Flashback malware this past week. However, Dr. Web--the source that discovered the threat in the first place--claims the number of compromised systems is still going strong, and may even be growing.
Apple responded to the malware attack with a patched version of Java, and a subsequent update that removes the Flashback malware. Apple also implemented a process to proactively disable Java if it's not actively used--a brilliant way of reducing the exposure to attack by following established security best practice and turning off or removing services and tools that aren’t necessary.
Following the moves by Apple, there have been reports that the number of systems infected with Flashback malware has dropped to 140,000, or even as low as 30,000. However, Dr. Web claims the number is still somewhere around 650,000, and that unique evasion techniques in the malware, combined with flaws in the methodology of the security vendors, are yielding false data.
Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Beneath the belated fix to help users eradicate the threat, Apple has introduced a proactive approach to reducing security risk, and other vendors should take note.
The first couple of Java updates already patched the underlying vulnerability. The latest version doesn’t address any new vulnerabilities—it cleans up the damage left in the wake of those earlier vulnerabilities, and proactively reduces the exposure to risk for Mac users.
The latest Java update from Apple removes the known variants of the Flashback malware from infected Mac OS X systems. It also automatically disables Java if it has not been used during the previous 35 days. Once disabled, users have to manually re-enable Java in order for Java applets to run again. That means that malware attacks like Flashback would be unable to automatically execute and compromise Macs that don’t regularly use Java.
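The auto-disable behavior described above is a simple inactivity policy, but the detail that matters for defenders is that a disabled runtime stays disabled until a person re-enables it: an applet trying to run must not count as "use" and silently restore the attack surface. The following is an added illustration of that control as a small policy engine, not Apple's code; the `RuntimePolicy` class, its method names, and the timeline it simulates are assumptions, with the 35-day threshold taken from the article.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Inactivity threshold quoted in the article (hypothetical policy engine,
# not Apple's implementation).
INACTIVITY_LIMIT = timedelta(days=35)


@dataclass
class RuntimePolicy:
    """Tracks whether an optional runtime (Java here) is enabled, when it was
    last legitimately used, and an audit trail of policy decisions."""
    name: str
    last_used: datetime          # install time counts as the first "use"
    enabled: bool = True
    audit: list = field(default_factory=list)

    def record_use(self, when: datetime) -> bool:
        """A component asks to use the runtime. Returns True if permitted.
        While disabled, the request is refused and does NOT re-enable the
        runtime: content arriving from the web must never be able to
        switch the runtime back on by itself."""
        if not self.enabled:
            self.audit.append((when, f"{self.name}: use blocked, runtime disabled"))
            return False
        self.last_used = when
        return True

    def evaluate(self, now: datetime) -> bool:
        """Periodic check (e.g. at login): disable the runtime once it has
        sat idle longer than INACTIVITY_LIMIT. Returns the enabled state."""
        if self.enabled and now - self.last_used > INACTIVITY_LIMIT:
            self.enabled = False
            self.audit.append((now, f"{self.name}: auto-disabled after inactivity"))
        return self.enabled

    def enable_manually(self, when: datetime, actor: str) -> None:
        """The only path back to an enabled state: an explicit user action."""
        self.enabled = True
        self.last_used = when
        self.audit.append((when, f"{self.name}: re-enabled by {actor}"))


def simulate() -> dict:
    """Constructed timeline (sample data, not real telemetry) showing each
    transition of the control."""
    t0 = datetime(2012, 4, 1, tzinfo=timezone.utc)
    java = RuntimePolicy("Java", last_used=t0)
    day20 = java.evaluate(t0 + timedelta(days=20))         # idle 20d: stays on
    day36 = java.evaluate(t0 + timedelta(days=36))         # idle 36d: disabled
    applet_allowed = java.record_use(t0 + timedelta(days=37))  # blocked
    after_applet = java.evaluate(t0 + timedelta(days=37))  # still disabled
    java.enable_manually(t0 + timedelta(days=38), "user")  # explicit re-enable
    day38 = java.evaluate(t0 + timedelta(days=38))         # enabled again
    return {
        "day20_enabled": day20,
        "day36_enabled": day36,
        "applet_allowed_while_disabled": applet_allowed,
        "enabled_after_applet_attempt": after_applet,
        "day38_enabled": day38,
        "audit_entries": len(java.audit),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The three audit entries (auto-disable, blocked use, manual re-enable) are the events a defender would want logged: an unexpected re-enable, or repeated blocked-use attempts shortly after an auto-disable, is a useful signal that something on the machine still wants the runtime.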
Unless you’re some sort of adrenaline junkie like Jeb Corliss, you know better than to engage in certain risky behaviors like BASE jumping from the Empire State Building. According to a new survey from Webroot, though, a majority of people now consider online activity to be a greater risk than real-world activities.
The Internet is a part of mainstream culture, and users—both consumers and business users—perform a wide variety of tasks online that can potentially expose them to risk. Sharing personal information on social networks, accessing bank accounts, purchasing goods online, sending email, and other activities can put sensitive identity information and financial data in jeopardy if not properly protected.
Today is the second Tuesday of April, and that means it’s Microsoft Patch Tuesday time. This month Microsoft released a total of six new security bulletins, but one in particular deals with a zero-day vulnerability impacting virtually every Microsoft user, which is already being exploited in the wild.
Four of the six security bulletins are rated as Critical by Microsoft, with the remaining two ranked as Important. The Critical security bulletins include a fix for Windows and the .NET framework, as well as the perennial favorite—the cumulative update for Internet Explorer. The biggest deal, though, is MS12-027, which addresses a critical flaw in Windows Common Controls.
Andrew Storms, director of security operations for nCircle, declares MS12-027 is the “deploy now” patch of the month. The Windows Common Controls are widely used throughout the Microsoft ecosystem, so there isn’t much that isn’t potentially impacted by this one.
An estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan horse. To put the size of the threat in some perspective, the Flashback Trojan botnet is even bigger than the massive Conficker botnet…relatively speaking.
The Conficker botnet compromised an estimated seven million plus Windows PCs around the world at its peak. Seven million is obviously much larger than 600,000, but Windows also has a significantly higher number of PCs in use around the world.
According to current data from Net Applications, Mac OS X is the number two desktop OS with 6.54 percent market share. Windows, on the other hand, accounts for 92.48 percent of the market. Based on market share, the Flashback Trojan botnet is equivalent to a Windows botnet of nearly 8.5 million PCs. That makes it an even larger threat than Conficker--just on a much smaller platform.
Mac OS X may be more secure than Microsoft Windows in some ways, and it certainly has fewer attacks aimed at it, but it’s not invulnerable. Reports are emerging that as many as 600,000 Macs have been compromised by a Trojan horse.
The Flashback Trojan was discovered in August of last year. The malware masquerades as a Flash Player update, but when executed it exploits a flaw in Java to infect the system and make it part of a Mac botnet.
Cyber criminals develop attacks for the low-hanging fruit. They want malware with the widest pool of potential victims and the greatest possible return--either financial, or information that can be sold for financial gain. Apple has been flying under the radar of relevance for years from a malware developer's perspective, but as the popularity of Mac OS X increases, so does its value as a malware target.
McAfee has updated its MOVE (Management for Optimized Virtual Environments) AV with an agentless deployment option. In addition, McAfee announced MOVE AV now has tighter integration with VMware vShield Endpoint environments. These two updates expand the features and capabilities of MOVE AV for protecting virtual servers and endpoints.
Companies are embracing virtualization for the flexibility, efficiency, and scalability it provides. It’s important, though, not to lose sight of the fact that virtual systems are each separate, individual systems. They still need antimalware and security protection like any other system, and the security tools in place on the physical host server will not protect the virtual systems running on it.
One of the most common complaints about security software is that the agent or service running on the protected endpoint consumes system resources and impacts performance. In a virtual environment--where resources are already being shared across multiple virtual servers in the first place--this can be a more serious concern.