back to article 550,000-strong army of Mac zombies spreads across world

The Mac-specific Flashback Trojan created a zombie army of 550,000 Mac machines by exploiting a Java hole that Apple only patched on Tuesday, six weeks after Microsoft plugged it up on Windows machines. This is according to Russian anti-virus firm Dr Web, which arrived at the figure after it successfully managed to sinkhole one …

COMMENTS

This topic is closed for new posts.
Bronze badge

@RAMChYLD

Ramchyld, so you're running an OpenBSD? Sure, no kidding? And may I ask, do you know, if a person starting the thread in your link is running plenty of OpenBSDs along with a Debian? And he/she is not kidding either:

"I have installed a deb from a site claiming to be an Screensaver however it looked dodgy however I proceeded."

Just, FYI, try not to install outside of central repositories, especially with sudo/root and/or binary only (even from gnome-looks. website). With major distros/BSD users have a huge selection of various software, unlike their Windows counterparts. Possible reasons of going against such practices might be either recent switch from Windows, or a low IQ.

Another "not-a-Windows-fanboy" had a similar joke http://forums.theregister.co.uk/forum/containing/1359363 . Yours is good too :)

On a serious note, I've seen names of alleged Linux viruses and trojans on some antivirus makers' websites. All of them had nothing to claim about their relevance in the wild, except for a couple from the early 90s that supposedly infected tens or hundreds of Unix users.

0
0

Fanboi slates Java, misses point in 3, 2, 1...

Only a matter of time until a Fanboi comes along to tell us how crap Java is, this isn't Apple's fault, Macs are still 100% virus-free and did I mention how good Apple are?

13
4
Bronze badge

Re: Fanboi slates Java, misses point in 3, 2, 1...

Well, let's face it, Java is crap... and I've known since at least 1989 that Mac OS is vulnerable to viruses if I don't pay attention to what the hell's going on.

2
1

Why...?

Serious question - no Apple or Java bashing here. Why is it that Apple manage the Java updates for OSX when Oracle do them for Windows and Linux? From what I've read it seems Apple would prefer Oracle to do this, but how did they get into this situation in the first place?

3
0
Silver badge

Re: Why...?

As part of their desperate attempts to become relevant again c.1999, Apple built Java directly into OS X and made it an on-the-box feature. The OS hence not only could run standard Java apps exactly as if they were native but included a rich set of bindings so that you could write fully native apps directly with the native frameworks but in Java. Per its designers, Java descends more from Objective-C than from C++ so I guess Apple were positioning themselves to be able to go fully Java if the market embraced it, hence they needed direct control over the thing.

In the end the market chose Objective-C (though revisionists don't seem to remember it this way), Apple worked on advancing that and deprecated the native Java bindings after only a few versions and dumped the default inclusion of the Java runtime at all as of the current version. Cyberduck is the only big OS X app I'm aware of with a Java core, NeoOffice/J having once also been quite popular but probably not so much since Open/LibreOffice went native.

It was quite stupid that Apple were still maintaining Java separately and more slowly, and this is exactly the sort of flaw that doing so has exposed. So it's good that they don't do that any more, though it's far from being Apple's only security problem.

7
0
Anonymous Coward

O/S

So, you need to have Java or Flash installed. I have neither on my Mac, so am I safe? Surely rather than bashing Apple, is this not the fault of Adobe and Oracle?

3
15

Re: O/S

If you don't have Java on your Mac then you should be safe, yes.

It's not the fault of Adobe (this time). The security 'hole' is in Java. Oracle patched this particular hole in February, but Apple maintain their own version of Java for OSX and it took them until Tuesday to issue a patch.

5
0
Bronze badge

Re: O/S

What you are seeing is a backlash against Mac users. When Windows users pointed out that the flaw was in a 3rd party application, fanbois shot back and said Windows should have never allowed it to happen and Macs don't get infected.

10
1

Re: O/S

They switched exploit (CVE-2012-0507, from CVE-2011-3544 and CVE-2008-5353) on March 16 I think.

0
0

This post has been deleted by its author

Anonymous Coward

Re: O/S

Thanks for the reasonable reply - my post got so many downvotes even for asking a question.

Apple vs Windows is worse than Liverpool / Everton or Arsenal / Tottenham.

5
1
Bronze badge

Re: O/S

Good point. I don't have "runtime Java" installed that I know of, and I maintain a very tight whitelist in FlashBlock.

Don't know enough about Oracle to comment on Java, but I have enough experience with Adobe products to know that Flash and Acrobat practically scream pwn me, PWN ME!

0
1
Silver badge
Unhappy

Re: O/S

I've never tried installing Liverpool, Arsenal, Tottenham or Everton on my computer. What features do they offer?

3
1
Silver badge

Bloody, bloody java...

I'm currently vulnerable to this, as my main install of Java is a bit out of date, but updating it on Windows, when you run as a user, is a pain - even if you authenticate as admin, it fails with a folder creation error, so you have to log out, login as Admin...yeah, I'm lazy.

But not only that - a lot of programs that rely on Java (e.g. SPSS/PASW) use their own JVM to ensure that it is compatible, and these never get updated, which is a bit of a security hole...

It's a shame it's useful, otherwise I'd just get rid of it.

6
3
Silver badge

Re: use their own JVM to ensure that it is compatible

Yep. You don't want to get me started on programmers working on critical apps that depend on Java versions that Sun stopped supporting 2 years before they sold out to Oracle.

1
0

This post has been deleted by its author

Trollface

Mac users will....?

<Switches off SMUG mode>

;)

2
1
Silver badge
Mushroom

But, but...

they told me Apple computers didn't get viruses!

Say it's not so Steve!

http://www.youtube.com/watch?v=M3Z386vXrt4

5
1
Anonymous Coward

Re: But, but...

Don't get Windows virus. Are you really so thick?

1
6
Silver badge
FAIL

Re: But, but...

Riiiight, anonymous fanboi. I never said Macs did/didn't get infected by Windows viruses.

English is obviously not your first language.

3
1
Anonymous Coward

Re: But, but...

So let's examine your English skills

Where in the advert does it say that Macs can't get a virus? - It doesn't, not even once.

They're clearly talking about a Windows virus. Which a Mac cannot get. Yes, they can pass them on.

So your original comment "they told me Apple computers didn't get viruses!" is actually completely wrong. They never said it at all.

English may be your first language, but you're not very good at it. Stick to picture books.

1
4
Paris Hilton

HAHAHA

I DON'T HAVE TO WORRY ABOUT MICROSOFT VIRUSES I HAVE A MAC

6
2
Holmes

But...

There are no viruses on Macs.

I was told this. It must be true.

2
2

HAN! HAN!

0
0
Silver badge
FAIL

I've noticed a distinct dislike of Mac users on El Reg, nothing wrong with that, anyone who spends double the value because it has a customised version of linux on it deserves to be mocked. I mean really, I've tried using a Mac, honestly I have. But it's just terrible. Shame Microsoft is trying to copy them now.

*jumps on the Linux boat*

1
11

> it has a customised version of linux

Macs don't run Linux, customised or otherwise.

9
1

I think he meant Unix. It's easy for the layman to get the two mixed up sometimes (like affect and effect for most people), so cut him some slack.

2
4
Bronze badge

>Macs don't run Linux, customised or otherwise.

Sure they do - My mum ran Debian on an old purple PPC iMac for years.

6
0
Anonymous Coward

Yep, got Ubuntu running on an old PPC PowerBook

2
0
Bronze badge

Tosser

that about covers it.

1
0
Bronze badge

Layman?

I thought he was another holier than thou Linux user?

1
0
Anonymous Coward

Enjoy the show

Sit back, put your feet up, get the popcorn out and be prepared to watch the sparks fly as the forumites kick off.

Remember play nice girls and boys

1
0
Anonymous Coward

Re: Remember play nice girls and boys

Now, where did I put the remote that turns on the rotation, tilt, and spikey things?

0
0
Silver badge

"exploiting a Java hole that Apple only patched on Tuesday"

Er, Apple aren't maintaining Java for OS X on their own. As your own article states, Oracle are involved in this release too.

Apple are no more interested in keeping Java limping along than they are in supporting Flash on iOS. Both are obsolete technologies that have lasted well beyond their Use By date.

2
6
Anonymous Coward

Re: Apple aren't maintaining Java for OS X on their own.

What bit of "only runs on OS X 10.7" did you not understand?

4
1
Stop

After checking that my Mac was clean, I thought that I'd see which version of Java is installed. So I typed java -version into bash. The result was:

No Java runtime present, requesting install.

Needless to say, I clicked cancel when it asked me if I wanted to install Java. So unless a user has explicitly installed Java on their Mac, then they're safe (this time).

3
2
Meh

Nice to see El Reg forums maintaining their usual standards...

For anyone interested, instructions on checking for and removing the malware are here :-

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

The only observation I would make is that, of the number of active OSX computers in use (given the sales of OS updates & etc), 500,000 is actually quite a small percentage. So they've got off lightly, basically.

3
2
Anonymous Coward

Thanks

Thank you for posting something useful!!!!!!!!

0
0
Silver badge

This is BS. I have been operating a Mac and an iPod for years and I've NEVER, repeat NEVER, got a virus but I know people running Windows who get thousands of viruses all the time.

Anyway a Trojan isn't even a Virus. Plus it's Java's fault, not Apple's. And anyway Windows had viruses first.

2
15

@NomNomNom

How do you know you NEVER, repeat NEVER, got a virus? Every Mac user I've come across in the last 20 years has refused to install any Antivirus, therefore wouldn't actually know if they had got a Virus.

6
1
Anonymous Coward

to NomNomNom

If you check I think you will find that the first 'virus' was written for UNIX

2
0
FAIL

NomNomNom.... you really know someone (you said people which would be more than one person) with "thousands" of viruses on their computer(s)? I think not. So...we know that's not factual, so what else isn't factual in your posts?

3
1
Silver badge

Actually...

...depends on how you define "thousands". I did once end up cleaning a computer that had well over 100,000 running copies of the same worm, each with its own executable in c:\windows\system. "Slow" doesn't begin to describe it.

And yes, trolling troll is trollicious.

3
0
Silver badge

Re: Actually...

I didn't have to clean it up, but our Sr. Tech did.

Back in the early virus fighting days, Sr. Pilot fish installed really good AV that you can't get anymore (it didn't even trust updates it downloaded itself, and unless you'd granted explicit permissions to directories you couldn't write there either) on a server for a client. Client got a virus. Virus said the system was infected and could be cleaned, but the AV needed to be turned off first. AV was configured to quarantine, not delete, and had been running for over a year catching many, many viruses and stopping them from infecting the system. Client dutifully turned off AV and proceeded to "clean" the infection. Which of course released EVERY virus from the quarantine.

I was so glad I wasn't Sr. Tech that day.

0
0
Bronze badge

@NomNomNom

You may write as many viruses as you want. More interesting is how much chance they will have to infect and spread outside of the lab. For this matter count those viruses for *nix that have been allegedly detected in the wild along with the percentages.

AMOF, this case shows that:

1) Java runtime is a pretty dangerous technology to be allowed in a web browser, not to mention that it is almost always redundant stuff

2) Apple is sloppy

3) Oracle may also be sloppy

0
0
Silver badge

Re: Actually...

Reminds me of something, that does.

http://www.youtube.com/watch?v=8vxEimC3HME

1
0
Silver badge
Facepalm

Re: @Aqua Marina

...then you haven't come across very many Mac users then, have you?

Every Mac user I know (including me) has AV installed - if only to avoid inadvertently forwarding a Windows virus to a Windows-using friend.

Shock! Horror!

Some of us Mac users DO have friends who use Windows - and we STILL talk to each other and remain friends...

1
0

This post has been deleted by its author

Bronze badge
Boffin

Re: @Aqua Marina

I agree. If you did not at least have Disinfectant in your Mac toolkit back when, you should be ashamed of yourself.

And I'd like to add that I've lived through an ugly Autostart 9805 worm/virus infection on my old PowerMac G3 to tell the tale.

0
0
Bronze badge

NomNomNom is trolling

Thank you and have a nice day

10
1