We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Is Apple to Blame for Size of Mac Botnet?

Apple sat silently on the sidelines knowing that a Trojan horse was attacking Mac OS X systems in the wild.

Mac OS X may be more secure than Microsoft Windows in some ways, and it certainly has fewer attacks aimed at it, but it's not invulnerable. Reports are emerging that as many as 600,000 Macs have been compromised by a Trojan horse.

The Flashback Trojan was discovered in August of last year. The malware masquerades as a Flash Player update, but when executed it exploits a flaw in Java to infect the system and make it part of a Mac botnet.

How to check if your Mac is Flashback infected

Cyber criminals develop attacks for the low hanging fruit. They want malware with the widest pool of potential victims, and the greatest possible return--either financial, or information that can be sold for financial gain. Apple has been flying under the radar of relevance for years from a malware developer perspective, but as the popularity of Mac OS X increases so does its value as a malware target.

"There has been a significant increase in Mac malware in the last several quarters, so what we've seen with the Flashback Trojan isn't particularly surprising. Attackers are leveraging years of success from writing PC malware and they're doing the same thing in the Mac world," said Dave Marcus, director of advanced research and threat intelligence at McAfee Labs.

That may be true. But, in this case it seems that Apple's own hubris has contributed to the scope of the problem as much or more than the malware itself. The threat has been known for months. It has been somewhat common knowledge--at least in security circles--that attacks were being targeted at Mac OS X systems. But, Apple was silent.

Oracle issued a patch for the underlying Java vulnerability in February. Apple just pushed out an update to address the Java flaw last week--two months later. While Mac users waited for a fix, malware developers continued to target and exploit vulnerable Mac systems. Even if Apple wasn't ready to issue a patch earlier, it had an obligation to its users to communicate the risk and make users aware of the threat and steps to take to avoid becoming a victim.

Andrew Storms, director of security operations for nCircle, faults Apple's head-in-the-sand approach to security for letting this threat spread as far as it has. "This malware has been circulating for months. Even though Apple didn't have the Java patch available for distribution they certainly could have warned their users. Apple's closed-mouth policy regarding OSX security issues played a direct role in a malware infection affecting hundreds of thousands of Macs."

Storms chastises, "Bad policy Apple--step up your game."

IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'