We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Is Apple to Blame for Size of Mac Botnet?

Apple sat silently on the sidelines knowing that a Trojan horse was attacking Mac OS X systems in the wild.

Mac OS X may be more secure than Microsoft Windows in some ways, and it certainly has fewer attacks aimed at it, but it's not invulnerable. Reports are emerging that as many as 600,000 Macs have been compromised by a Trojan horse.

The Flashback Trojan was discovered in August of last year. The malware masquerades as a Flash Player update, but when executed it exploits a flaw in Java to infect the system and make it part of a Mac botnet.

How to check if your Mac is Flashback infected

Cyber criminals develop attacks for the low hanging fruit. They want malware with the widest pool of potential victims, and the greatest possible return--either financial, or information that can be sold for financial gain. Apple has been flying under the radar of relevance for years from a malware developer perspective, but as the popularity of Mac OS X increases so does its value as a malware target.

"There has been a significant increase in Mac malware in the last several quarters, so what we've seen with the Flashback Trojan isn't particularly surprising. Attackers are leveraging years of success from writing PC malware and they're doing the same thing in the Mac world," said Dave Marcus, director of advanced research and threat intelligence at McAfee Labs.

That may be true. But, in this case it seems that Apple's own hubris has contributed to the scope of the problem as much or more than the malware itself. The threat has been known for months. It has been somewhat common knowledge--at least in security circles--that attacks were being targeted at Mac OS X systems. But, Apple was silent.

Oracle issued a patch for the underlying Java vulnerability in February. Apple just pushed out an update to address the Java flaw last week--two months later. While Mac users waited for a fix, malware developers continued to target and exploit vulnerable Mac systems. Even if Apple wasn't ready to issue a patch earlier, it had an obligation to its users to communicate the risk and make users aware of the threat and steps to take to avoid becoming a victim.

Andrew Storms, director of security operations for nCircle, faults Apple's head-in-the-sand approach to security for letting this threat spread as far as it has. "This malware has been circulating for months. Even though Apple didn't have the Java patch available for distribution they certainly could have warned their users. Apple's closed-mouth policy regarding OSX security issues played a direct role in a malware infection affecting hundreds of thousands of Macs."

Storms chastises, "Bad policy Apple--step up your game."

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model