Saturday, April 07, 2012

For Mac users: Have we entered the wonderful world of computer viruses? (For PC users: Do you have to be so damned gleeful?)

by Ken
It would be nice if the reports didn't come bathed in quite so much gloating from PC users long accustomed to virus infestation. Still, for Mac OS X users who, like me, have heretofore smugly thought ourselves immune to virus infection, the message matters more than the unseemly glee of the messengers. As I was reading this NYT report, my heart skipped a beat when I recalled that just recently I did in fact respond to a legit-looking prompt that I was missing a required Flash update, and yes, when prompted, I typed in my password. And as I think back, it puzzled me at the time that this sequence didn't result in the expected software-installation routine, and the clip I'd been trying to play proceeded to play just fine. Hmm! Or should I say uh-oh.

Then again, I don't know what to make of the information that this post was "Last Updated: Sun, Apr 08." Um, huh??? (Sorry, there are no links here because this comes from a third-party site, not nytimes.com.)

Widespread virus proves Macs no longer safe from hackers

By Nicole Perlroth

Last Updated: Sun, Apr 08, 2012 00:12 hrs

For years, Mac users have been told that not only are they cooler than their PC counterparts, they are safer too. Apple has always held that computer viruses and malware only dogged its competitors.

That is no longer the case.

This week, security researchers discovered a new computer virus had infected half a million Mac users -- about half of them in the United States. The malicious program, known as a Trojan horse, is infesting users in the most surreptitious way possible: users need not manually click on any malicious links or manually download any malware to get infected. The program simply downloads itself. Once downloaded, the Trojans' creators gain a back door that gives them unauthorized access to the victim's computer.

"This is the largest scale attack on Mac OS X to date," said Roel Schouwenberg, a senior researcher at Kaspersky Lab, an antivirus software company who has analyzed the malware. "And much more sophisticated."

For now, the Trojan's creators appear to be using infested computers for click fraud, in which they manipulate clicks on a Web advertisement in exchange for kickbacks. But as with all Trojans, its creators can choose to use infected computers however they like.

The malware infects computers in one of two ways. In some cases, users receive a pop-up prompt purporting to be from Adobe Flash asking them to install an update and type in their password - hence the Trojan's name, "Fakeflash" or "Flashback." But in most cases, attackers appear to have exploited a loophole in Java software that automatically downloads the malware onto victims' machines without any prompting.

Apple issued two security patches for the Trojan this week and encouraged Mac users to run their software updates as soon as possible. For the technically astute, F-Secure, a Helsinki-based security firm, published instructions for how to identify Fakeflash and remove the virus manually.

Several security experts have criticized Apple as slow to react, considering Oracle issued a fix to the Java security hole in February. Apple did not issue a fix until more than a month later.

Doctor Web, a security firm based in Russia, discovered the Trojan had exploited the loophole to infect Mac computers this week. Kaspersky Labs reverse engineered the malware and began to intercept its communication on Wednesday. So far, it found 620,000 computers had been infected. Some 301,000 were in the United States. Another 95,000 computers were in Canada, with 47,000 in Great Britain and 42,000 in Australia. Almost all -- 98 per cent -- ran Mac's OS X operating system.

This is hardly the first time Mac users have been hit by a Windows-style computer virus. Last year, security researchers discovered a piece of malware, called Mac Defender, had targeted Apple machines. Intego, a security firm, discovered Mac Defender on May 2, 2011. It took Apple until May 31, 2011, to issue a fix.

Security experts said Fakeflash was far more widespread and sophisticated than Mac Defender. Several cautioned that it may signal a new era in which Mac users become the new target for Windows-style malware attacks. Apple's growing share of the PC market simply makes it too juicy a target.

"Last year's attacks were a turning point - criminals realized they could make money targeting Apple users," said Mr. Schouwenberg. "As Apple gains more market share, it will also see more attacks."

Adam J. O'Donnell, a security architect at Sourcefire, a computer security firm, wrote a report in 2008 predicting that digital criminals would start targeting Mac users with Windows-style malware attacks once Apple's share of the PC market reached 16 percent, assuming that Windows anti-virus solutions were at least 80 percent effective.

He was not far off. Apple currently holds 12 percent of the PC market in the United States, according to Gartner, a research company, and anti-virus software has reached 95 percent effectiveness, according to AV Comparatives, a nonprofit that audits anti-virus software.

"The problem is that the security industry has much less visibility into Mac OS X than Windows," said Schouwenberg. "Mac users have been led to believe they're safe and turned off their paranoia filter. There is a lot of easy prey out there."

I recalled that that eternal noodge Software Update was already pestering me about some kind of available update, and sure enough it was from Apple, and I duly installed it. I'm hoping that this protects me at least from future infection by at least the currently known manifestations of this virus, but I wouldn't think it does anything about an existing infection. I did go to the cited F-Secure link for those "published instructions for how to identify Fakeflash and remove the virus manually," but right at the start of the "Disinfection" section there's a warning:
Caution: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance. F-Secure customers may also contact our Support.
And it was under the spell of that caution that I skimmed the "manual removal instructions" and was pretty sure I didn't understand them.

A commenter on the Washington Post article on the subject ("Alarmed about botnet trojan, Apple releases update for Macs") was suggesting that the panic alarm, including the 600K and 550K estimates for already-infected Macs, was coming courtesy of the U.S. anti-virus-software industry, but other commenters said no. (I haven't seen the comments on the NYT site, since I chose not to expend a click on the official version of the NYT account. Usually I don't give a damn about comments.)

I hate to be spreading Chicken Little-type noises with such limited knowledge. I would be happy to be updated by any readers who know more. (Just be sure to indicate how you know what you know!) Meanwhile, I thought any Mac users I might reach who haven't heard should at least hear -- and at the very least take care to install that latest Apple OS X update!


GIVEN THE ALARMIST NATURE OF THIS POST, I
THOUGHT I MIGHT TOSS IN SOME LIGHTER FACTS


Courtesy of factshub.net, we have one practical fact (remember, always be sure to carry duct tape if you think you may encounter crocodiles) and one rather more image-evoking one.
