We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Is Apple to Blame for Size of Mac Botnet?

Apple sat silently on the sidelines knowing that a Trojan horse was attacking Mac OS X systems in the wild.

Mac OS X may be more secure than Microsoft Windows in some ways, and it certainly has fewer attacks aimed at it, but it's not invulnerable. Reports are emerging that as many as 600,000 Macs have been compromised by a Trojan horse.

The Flashback Trojan was discovered in August of last year. The malware masquerades as a Flash Player update, but when executed it exploits a flaw in Java to infect the system and make it part of a Mac botnet.

How to check if your Mac is Flashback infected

Cyber criminals develop attacks for the low hanging fruit. They want malware with the widest pool of potential victims, and the greatest possible return--either financial, or information that can be sold for financial gain. Apple has been flying under the radar of relevance for years from a malware developer perspective, but as the popularity of Mac OS X increases so does its value as a malware target.

"There has been a significant increase in Mac malware in the last several quarters, so what we've seen with the Flashback Trojan isn't particularly surprising. Attackers are leveraging years of success from writing PC malware and they're doing the same thing in the Mac world," said Dave Marcus, director of advanced research and threat intelligence at McAfee Labs.

That may be true. But, in this case it seems that Apple's own hubris has contributed to the scope of the problem as much or more than the malware itself. The threat has been known for months. It has been somewhat common knowledge--at least in security circles--that attacks were being targeted at Mac OS X systems. But, Apple was silent.

Oracle issued a patch for the underlying Java vulnerability in February. Apple just pushed out an update to address the Java flaw last week--two months later. While Mac users waited for a fix, malware developers continued to target and exploit vulnerable Mac systems. Even if Apple wasn't ready to issue a patch earlier, it had an obligation to its users to communicate the risk and make users aware of the threat and steps to take to avoid becoming a victim.

Andrew Storms, director of security operations for nCircle, faults Apple's head-in-the-sand approach to security for letting this threat spread as far as it has. "This malware has been circulating for months. Even though Apple didn't have the Java patch available for distribution they certainly could have warned their users. Apple's closed-mouth policy regarding OSX security issues played a direct role in a malware infection affecting hundreds of thousands of Macs."

Storms chastises, "Bad policy Apple--step up your game."

IDG UK Sites

6 best gaming PCs 2015: What's the best gaming PC you can buy in the UK?

IDG UK Sites

Three of the most expensive Limited Edition games ever made: Who's buying a $1,000,000 game?

IDG UK Sites

The future of Microsoft Surface: What to expect from the Surface Pro 4

IDG UK Sites

Best Mac: Apple Mac buyers guide for 2015: iMac, MacBook, MacBook Air, MacBook Pro, Mac mini and...