We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 

Is Apple to Blame for Size of Mac Botnet?

Apple sat silently on the sidelines knowing that a Trojan horse was attacking Mac OS X systems in the wild.

Mac OS X may be more secure than Microsoft Windows in some ways, and it certainly has fewer attacks aimed at it, but it's not invulnerable. Reports are emerging that as many as 600,000 Macs have been compromised by a Trojan horse.

The Flashback Trojan was discovered in August of last year. The malware masquerades as a Flash Player update, but when executed it exploits a flaw in Java to infect the system and make it part of a Mac botnet.

How to check if your Mac is Flashback infected

Cyber criminals develop attacks for the low hanging fruit. They want malware with the widest pool of potential victims, and the greatest possible return--either financial, or information that can be sold for financial gain. Apple has been flying under the radar of relevance for years from a malware developer perspective, but as the popularity of Mac OS X increases so does its value as a malware target.

"There has been a significant increase in Mac malware in the last several quarters, so what we've seen with the Flashback Trojan isn't particularly surprising. Attackers are leveraging years of success from writing PC malware and they're doing the same thing in the Mac world," said Dave Marcus, director of advanced research and threat intelligence at McAfee Labs.

That may be true. But, in this case it seems that Apple's own hubris has contributed to the scope of the problem as much or more than the malware itself. The threat has been known for months. It has been somewhat common knowledge--at least in security circles--that attacks were being targeted at Mac OS X systems. But, Apple was silent.

Oracle issued a patch for the underlying Java vulnerability in February. Apple just pushed out an update to address the Java flaw last week--two months later. While Mac users waited for a fix, malware developers continued to target and exploit vulnerable Mac systems. Even if Apple wasn't ready to issue a patch earlier, it had an obligation to its users to communicate the risk and make users aware of the threat and steps to take to avoid becoming a victim.

Andrew Storms, director of security operations for nCircle, faults Apple's head-in-the-sand approach to security for letting this threat spread as far as it has. "This malware has been circulating for months. Even though Apple didn't have the Java patch available for distribution they certainly could have warned their users. Apple's closed-mouth policy regarding OSX security issues played a direct role in a malware infection affecting hundreds of thousands of Macs."

Storms chastises, "Bad policy Apple--step up your game."

IDG UK Sites

Netflix to introduce price increase: New subcribers to start with

IDG UK Sites

Apple financial results: iPhones, iPads & Macs sales for Apple's Q2 2014, plus shares to split

IDG UK Sites

Twitter - not news

IDG UK Sites

See Moo Studios' new animated advert for Blue Moon beer