Flashback Trojan is a wake-up call for Mac Nation: You are now fertile territory for cyber criminals

By | April 11, 2012

Posted in: Network Security Trends

A few days ago, a friend was hunched over his four-year-old Mac laptop, peering intently with furrowed brow. “Problem?” I asked. “Wondering if I should worry about this Flashback Trojan that’s in the news,” he replied. “I didn’t think Macs got viruses.”

Of course, Macs can and do get malware infections. But with all those lovely Windows PCs riddled with vulnerabilities, cyber criminals just haven’t paid all that much attention to them. Criminals go where the money is, and the money has been and still is in exploiting Windows machines. But now, some 600,000 Macs (for a good discussion of the Flashback outbreak, check out ICSA Labs' Roger Thompson's post) infected by a single piece of malware marks a significant, though not gigantic shift in the landscape. Considering the installed Mac base, that’s a big number. Considering Mac’s limited history with widespread infections, that’s a big number. Maybe the phenomenon will make Mac security more of a priority.

[UPDATES:Free Flashback removal tools; Flashback infections trending down, Symantec reports]

Macs’ popularity are making them more and more attractive to criminal attackers. Welcome, my brethren.

Many Mac users have given very little thought to security because they didn’t think they had to. That thinking is sooooo 2006. Mac people have to worry about phishing emails, social engineering, drive-by downloads and protecting their passwords and their data. My friend said he tried to be careful about what links he clicked, attachments he opened and websites he trolled. So he was already thinking about security.

OK, that’s good. What do you use for antivirus? Blank face, uncomprehending eyes. “I don’t have any. Should I?” Yes. “Which one?” Any reputable vendor that strikes your fancy and meets your software budget. Desktop AV certainly won’t solve all your security problems, but it’s dead certain you’re a lot worse off without it.

The rest of the process involved going through the process of discovering if his Mac was indeed infected, and, if so, how to wipe Flashback off his hard drive. Furrowed brow again. “These instructions are not very intuitive.” I’d seen the process and agreed, they are not intuitive for most Mac, or for that matter, Windows people (except for those Windows who make a virtue of a vice by saying how much they like the “hands on experience.”)

He found, to the relief of all, that his laptop was Flashback-free. He was going to apply the patch issued by Apple, but had to upgrade from OS 10.5.8 to OS 10.6 (his aging machine didn’t have the requirements for 10.7. If you are stuck on 10.5x, the only protection is to disable Java, which is a good idea anyway). Next was buying and installing desktop AV. “Yeah,” he said. “That was a chore. I’m going to go play my guitar for a while.”

(Note: This all happened, more or less,  with some creative license to paraphrase. I’m by no means a Mac basher or Mac user basher. Apple is selling all those devices for a reason. My personal choice for computing generally has revolved around work requirements and a penchant for games.)  

You May Also Be Interested In: