550,000-strong army of Mac zombies spreads across world

The Mac-specific Flashback Trojan created a zombie army of 550,000 Mac machines by exploiting a Java hole that Apple only patched on Tuesday, six weeks after Microsoft plugged it up on Windows machines. This is according to Russian anti-virus firm Dr Web, which arrived at the figure after it successfully managed to sinkhole one …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

Oh my....

The schadenfreude...is just too delicious to bear......

51
3
g e
Silver badge
Facepalm

Re: Oh my....

Appleists haven't got over the 'loss' of Instagram yet, either

I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

22
4
Silver badge
Windows

Re: Oh my......."The schadenfreude"

I have to admit it is so veeeery tempting. However, I hope that Cupertino really take this as a warning and get their collective arses into gear. None of us is served by this kind of shit (I know, I smiled as well) and it is best (in my humble opinion) that we recognise that we are all in this together (whether we like it or not) and act accordingly.

24
1
Bronze badge

I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

I had a crocodile pie once and it was more like flavourless haddock than chicken.

Of course it is possible I had a haddock pie and some Aussie pie flogger had a giggle at my expense.

1
1
Anonymous Coward

Re: Oh my....

You should have been around earlier.

Clearly El Reg aren't getting enough page views so they've posted the same story twice.

http://www.theregister.co.uk/2012/04/04/apple_java_update/

1
6
Anonymous Coward

Re: Oh my....

Any corroboration? This is a single claim.

Has anyone confirmed his findings?

0
5

I'd shed a tear but it'd be crocodile-flavoured (is that kinda chicken-y?).

I can't say about crocodile, but I've had alligator on several occasions. That is indeed rather chicken-y.

1
0
Bronze badge

Re: Oh my....

My recollections of crocodile meat, from when Sainsburys sold it as precut strips, around 1998 or so, I think, are:

1. It has a distinct texture that vaguely looked like it would go in flakes (like white fish does) as I cooked it, but was meat-like rather than fish-like, and didn't flake at all. The texture was more like beef or lamb than it was like chicken.

2. It was nearly white in colour, which added to its resemblance to fish.

3. It had distinct, but not particularly strong, flavour that was not very much like chicken.

2
0
Bronze badge
FAIL

Re: Oh my....

You're living in a dreamworld. I've been a Mac user since 1989. Total viruses, trojans so far? 0.

I'm sure you can spin that the wrong way if you try REALLY hard.

4
21
Bronze badge
Coat

I had Haddock once

...but I took some Motrin, and it went away.

(You know, when someone hangs a curveball, you just gotta take a swing at it....)

1
0

Re: Oh my....

And I have been a Windows NT user since 1993.

Number of malware so far (not counting that awful PowerDVD crapware that came with my burner): 0.

Most of that time I have surfed with Javascript disabled. That fended off quite a few threats in the early years.

I also avoid installing any antivirus products. They lead to a false sense of security. Case in point: I've helped people clear trojans that their AV software only managed to pick up on after quite some time (I kept a sample at work where we are forced to use AV software).

OSX has grown in popularity. Welcome to your worst nightmare.

4
4
Anonymous Coward

more like shaden BS ..

More like shaden BS if you ask me ..

0
0
Anonymous Coward

Oh the humanity!

Shame on you, El Reg, for such terrible, self-evidently baseless scaremongering.

The creed of the True Believer has always held that Macs don't get viruses.... ;)

24
2
Anonymous Coward

Re: Oh the humanity!

cue the "it's not a virus... it's a trojan... don't you know the difference... blah blah blah..." from the pedants out there...

20
0

Re: Oh the humanity!

It's only a trojan if a user has to install something. This is an honest to goodness virus and anyone who says otherwise is just flat out wrong.

13
3

Re: Oh the humanity!

The definition is correct, why the downvoting? Generally, "trojan" refers to a malicious program that requires user consent. It just pretends to be something else while performing rogue tasks.

8
1
Gimp

Re: Oh the humanity!

erm you have to type in your admin password for it to install

and if it detects any software like little snitch (and even Xcode!!) it won't install!

I'd like to see where they got these numbers from - are they selling anything?

0
17
Silver badge
Gimp

Re: Oh the humanity!

erm no you don't. RTFA:

"The Flashback malware was capable of installing itself on unprotected Mac machines without user interaction, a factor that goes a long way in explaining the success of its spread. Users become infected simply by visiting a site loaded with exploit code, in drive-by-download-style attacks."

Besides, I would think the best response to something like this happening is "Gee, I should make sure my software is up to date and I have a working antivirus."

Not

"They're making this up!" or "Oh yeah, well Windows gets viruses too, so there!"

29
0
Bronze badge

Re: Oh the humanity!

I've been a "true believer" since '85 and, iirc, one of the first major viruses discovered in the wild -- or at least the first that got any media attention -- was a Mac virus, around 1988 or '89.

I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word -- but one of the first things I learned twenty-odd years ago was to not be complacent. I still think criticism of Windows for its defaults being set to "hack me, root me, trojan me, pwn me" out of the box, but I've always paid close attention to virus/malware reporting in the Reg and elsewhere as I knew sooner or later some miscreants would get around to doing a Mac virus or trojan, and I wanted to be sure I was ready for them (Firefox/NoScript/Adblock/Flashblock/LittleSnitch FTW).

13
0
Bronze badge

Re: Oh the humanity!

erm you have to type in your admin password for it to install...

Yeah, that's right; almost forgot that...

and if it detects any software like little snitch (and even Xcode!!) it won't install!

I'd like to see where they got these numbers from - are they selling anything?

Good point. Also -- for some reason -- I'm suspicious of that outfit simply because they're Russian. Makes no sense, I know, but...

0
12
Thumb Down

Re: Oh the humanity!

"erm you have to type in your admin password for it to install"

Actually, you don't.

It's a bit of an odd duck, this one. It asks you for an administrator password, but you don't actually have to type it.

When the malicious Java applet runs, it attempts to download additional code. To do this, it prompts the user for an administrator password. If the user is gullible enough to type it, the downloader installs a payload in the Mac's Applications folder, and (I believe) sets it to run automatically at startup.

If the user *doesn't* type the administration password, the downloader installs a hostile payload in the user's home folder. This payload runs in userland, without administrator privileges, and I'm not certain but I don't believe it runs on restart (and it certainly doesn't if the user restarts and logs in to a different account). It's a lot more limited in what it can do, but it does still run, and (if the user doesn't have the firewall enabled) does seem to have the capability of making outside connections.

So the upshot is: No, you don't have to type an admin password. If you don't, the infection is somewhat mitigated, but it is still effective.

11
0
Silver badge
Thumb Up

@Mike Flugennock Your post demonstrates very clearly that as a Mac-user you,......

"I won't speak for other "fanbois" -- jeezus, I hate that goddamn' word "

..........on the basis of your posting, do not remotely fall within the definition "fanboi" - in contrast to a certain number of the postings we get here at El Reg from a particular proportion of Cupertino's fan-base. I work with a number of "Mac-folk", amongst others, graphic designers and scientists - I would not describe any of them as "fanbois", serious people all of them for whom I have a great deal of time.

-:)

AF.

4
0
Bronze badge
WTF?

Re: Oh the humanity!

Find a Mac with a virus in less than 24 hours and I'll buy you a drink.

3
6
Bronze badge
FAIL

Re: Oh the humanity!

MacOS AV software is an even more pathetic scam than Windows AV is.

0
4

Re: Oh the humanity!

I am very tempted to say "find a Mac in my area in less than 24 hours and I'll buy you a drink".

In my circles, there is about 1 Mac user for every 50 Windows users. True, it would not be hard for me to find an infected Windows machine, but it is because I know which particular user is most likely to have an infection at any given time. (OTOH maybe he has cleaned up his act by now, in that case I'd be hard pressed to find an infected Windows machine)

2
1
FAIL

Re: Oh the humanity!

Well according to El-Reg you would be buying over a half million drinks as that is the number reported to have been infected by this drive-by infection.

0
0
Bronze badge

Re: @Mike Flugennock Your post demonstrates very clearly that as a Mac-user you,......

Thanks. The first computer I ever used or owned was a Mac; the design shop I was working got some in early '85, and I bought my own shortly after that. I think that if I'd used any system other than a Mac, I would be totally fearing and hating computers now. As it was, I was able to explore and experiment and learn about how computers and networks work because the Mac "just worked"; I could concentrate on my work and on self-education with my computer because I wasn't spending half the day ripping my hair out trying to figure out why stuff wasn't working.

But, aaaa-aaaanyway... long story short... yeah, I hate being tagged as a "fanboi" because I've used a Mac for over 20 years and really like it, but I can still dig where people are coming from when they fling that word around whenever I glance at the TV and see all those goddamn' hipsters lining up at 3:00 in the goddamn' morning to pay too much for iPhones and iPads... and I catch myself mumbling "jeezus, what a bunch of fanbois!"

0
0
Bronze badge

Re: Oh the humanity!

"MacOS AV software is an even more pathetic scam than Windows AV is..."

I figured that out after about four or five years of struggling with Virex, and pretty much everything from Norton or McAfee. Also, by that time (early '90s), the Web was just starting to become widespread, and so there was a whole new set of common-sense do's and don'ts for how to handle things like Java, JavaScript and unsolicited downloads, not to mention all the attention of malware authors seemingly shifting to Windows. Back then, I was still using a scanner to check my downloads for viruses, but I'd ditched my automatic self-running AV suite -- the stuff that would run at boot time, and barge in to check every file I opened -- because it was slowing my system to a crawl and was getting to be a bigger pain in the ass than it was worth.

0
0

Critical Mass Achieved

Must be worthwhile targeting Apple now, plus Apple users are generally higher net worth.

As has been seen before, the OS isn't the route in.

12
2
Anonymous Coward

Re: Critical Mass Achieved

Easy target too. All you have to do is look at what's patched in the latest Java release from Oracle - you've then got at least a couple of months to come up with a Mac exploit.

6
0
Facepalm

Re: Critical Mass Achieved

The thing is I can definitely remember clearing a virus from about 20 production Macs over 20 years ago in System 7 - no idea what it was called now.

Anyone who ever said Macs can't get a virus was an idiot, same as anyone who either repeats or claims such nonsense now

13
0
Pirate

Oh rilly

Just shows Mac users have the same level of stupidity as PC users. So what's new...

"Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "

D'uh... what if I just enter my password here...

2
6
Anonymous Coward

Re: Oh rilly

RTFA again. That was version 1 of the virus. Version 2 didn't require any user action.

12
0
Bronze badge

Re: Oh rilly

Just shows Mac users have the same level of stupidity as PC users. So what's new...

D'ahh, not so fast. See my previous comment re: encountering my first Mac virus in the late '80s.

"Users that have been visiting a site with the malware will first be asked for an administrator/root password, if the users decides to enter the password the Flash Trojan will be installed in the application folder. "

Hey, c'mon, I'd have to be totally rock stupid to give the admin password to something trying to execute which I don't even recall asking to download. Add to this the fact that I installed NoScript, AdBlock Plus, FlashBlock and LittleSnitch ASAP after upgrading to OSX would indicate a level of stupidity approaching zero.

Amazing how much a "fanboi" like myself can learn from paying close attention to the news about Windows viruses, trojans, malware and "social engineering" tricks in El Reg.

3
3
Gold badge

Mustn't........laugh........

"......capable of installing itself on unprotected Mac machines without user interaction...."

Well at least there's no danger of Apple being sued over that one. MS have let the patents lapse through disuse.....

7
0
Linux

lol

LOL a mac....

Linux 1 - 0 Other

2
26

This post has been deleted by its author

Yag
Thumb Down

Re: lol

Do you realize that this is an indication that a Unix-based OS can be tinkered enough to allow it to be infected by a virus?

I know, "thou shalt not log as root for trivial operations", but try to tell it to Mr Everyone...

6
1
Silver badge

Re: lol

It's well known that Unix/Linux systems can get viruses - the difference has been that they've never become a widespread problem.

In any case if you want to be more sure in a Unix type OS use different accounts for different things.

I have an account I ONLY use for really important stuff like banking and another for visiting sites that MIGHT be dubious. It's so easy to switch why not. Unless you can't be ars*d in which case you deserve all you get.

6
0
Anonymous Coward

Re: lol

@Chemist

Separate accounts don't stop you getting a virus/trojan and if you get infected with your "dodgy stuff" account, you're still infected. If you used your "dodgy stuff" account and were silly enough to enter your root password or have software which runs as root (or even just a bit elevated) which has a vulnerability, you still have a seriously compromised system.

2
3
Silver badge

Re: lol

"dodgy stuff" account, you're still infected."

"dodgy account " is still infected true but it's all just still extra layers of defence. Other accounts will not be so 'safe' account is still less vulnerable. Of course if a further vuln. allow escalation then that is a different matter.

"dodgy account" by the way is deleted/recreated at weekly intervals

Too complex a topic to describe in detail here but LONG complex passwords, multiple accounts, firewalls, NAT routers, Firefox/Noscript/ABP and a lot of other techniques alongside using Linux have kept me safe over the years.

Keeping an eye on the logs is useful. I esp. look for SSH attempts which is my only open port (protected by unusual port number, one unusual account name and a long, difficult password)

1
0
Silver badge

Re: lol

There are Linux viruses in the wild and there have been for a while now. And that comes from one of your fellow Linux users.

Basically if you're running without antivirus on any system, you're an idiot.

3
4
Silver badge

Re: lol

"Linux viruses in the wild"

I didn't actually say that - the known viruses are more curiosities, they never spread far as the architecture is rather unfriendly. Most of the antiviruses look for Windows viruses to stop them being passed on.

1
0
Linux

Re: lol

A complacent penguin is an endangered penguin

5
0
Anonymous Coward

Re: lol

I don't buy that argument about anti-virus and never have. It's good at detecting stuff that's been around the traps a while but none of them score 100% in tests so you're just flying under the assumption of protection. Avoiding these things requires a multi-faceted approach and I find anti-virus decidedly ex post. I've never ever run it on Linux and have never had an issue.

1
0
Bronze badge

Re: lol

>>Basically if you're running without antivirus on any system, you're an idiot.

Basically, if you rely on an antivirus to protect you against the weaknesses of your operating system, you are an idiot. If you are knowingly running an OS that fails to address many security problems on its own to require some murky, obscured tools, you are an idiot squared.

0
0
Bronze badge

Re: lol

>>There are Linux viruses in the wild and there have been for a while now.

It would be nice to support this claim presenting names of the alleged viruses with the estimated numbers of infected Linux users, each linked to the corresponding sources. Otherwise, it is a never-ending FUD of an MS Windows fanboy.

1
2
Bronze badge

ὅπερ ἔδει δεῖξαι

So, downvoting instead of providing actual sources. FUD it is.

QED

0
0
Bronze badge

Re: lol

> It would be nice to support this claim presenting names of the alleged viruses with the

> estimated numbers of infected Linux users, each linked to the corresponding sources.

I'm starting off this post with "I'm not a Windows Fanboi", I run quite a few Unix systems in my lair (of which three run different flavors of Linux, and one OpenBSD box acting as a router).

That said: http://ubuntuforums.org/showthread.php?t=1349678

This cropped up back in '09. It caught my attention by appearing in an issue of LinuxFormat. I think it's proof enough that even friends of penguins aren't safe anymore.

0
1

This post has been deleted by its author
