Thanks to a relatively small market share for many, many years, Macs have been relatively safe from malware. Since so few people had Macs in relation to PCs, the criminals and hackers who design malware didn’t really feel the need to create much malware targeting Macs because it wasn’t that profitable for them. Today, as Macs are gaining more market share and making their way into even more homes and businesses, an increasing amount of malware is being created to target Macs.
At the same time, thanks to Apple marketing itself as being free from viruses in the recent past, many Mac users are convinced that their systems are immune from the threat of malicious software. Unfortunately, that just isn’t the case, but it is indeed true that the class of malware called a “virus” has yet to afflict modern Macs.
This increase in market share (and malware in turn), along with owners’ ignorance about these threats, has caused massive spikes in malware infections. The most recent outbreak exploits a Java flaw. This threat, the Flashback Trojan, keeps spreading and has affected about 600,000 Macs worldwide.
Where it is prevalent
This trojan has been attacking Mac OS X systems all over the globe. Over half of the infections have been in the United States. Nearly 20 percent of the infections have afflicted Canadian Macs. Many users in the United Kingdom and Australia have been infected as well. The infections have by no means been limited to these countries, as there are statistically significant numbers of affected Macs in Europe, Asia, and South and Central America as well.
How it is spread
While many infections are spread by downloading an infected file or application, some are spread by interacting with the parasite in some way. This is not the case with this infection.
Macs with Flashback became infected by websites exploiting a Java flaw. These malicious sites downloaded Flashback.K through this hole onto Macs without any sort of warning. This parasite then saves an executable file on the infected Mac’s hard disk, and this file will download the payload covertly from a remote server and then launch the malware.
There are many websites that contain this malicious code. Sites include godfowar3.rr.nu, bestustreamtv.rr.nu, and ustream.rr.nu, but it seems that there may be more than four million web pages that are compromised by this exploit.
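The hosts named above can be checked against web proxy or DNS logs to find machines that visited them. The following is an added example, not code from the original article: the `<timestamp> <client> <url>` log format is an assumption, the sample lines are constructed, and treating subdomains of a listed host as a match is a choice made here.

```python
from urllib.parse import urlsplit

# Hosts the article names as serving the exploit.
FLAGGED_HOSTS = {"godfowar3.rr.nu", "bestustreamtv.rr.nu", "ustream.rr.nu"}

def host_of(url):
    """Return the lower-cased hostname of a URL, or None if it has none."""
    if "://" not in url:
        url = "http://" + url          # bare "host/path" log entries
    try:
        host = urlsplit(url).hostname  # drops port and userinfo, lower-cases
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_flagged(host):
    """Exact match or subdomain of a flagged host, never a substring match."""
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)

def scan(lines):
    """Return (timestamp, client, host) for every line that hits a flagged host."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:             # skip malformed lines
            continue
        ts, client, url = parts[0], parts[1], parts[2]
        host = host_of(url)
        if host and is_flagged(host):
            hits.append((ts, client, host))
    return hits

# Constructed sample log; assumed format: "<timestamp> <client> <url>"
SAMPLE_LOG = """\
2012-04-05T09:12:01Z 10.0.0.21 http://www.example.com/index.html
2012-04-05T09:12:07Z 10.0.0.21 http://USTREAM.rr.nu/page
2012-04-05T09:13:44Z 10.0.0.35 http://bestustreamtv.rr.nu:80/x?y=1
2012-04-05T09:14:02Z 10.0.0.35 http://notustream.rr.nu/
2012-04-05T09:15:19Z 10.0.0.40 http://ustream.rr.nu.example.org/
2012-04-05T09:16:30Z 10.0.0.52 sub.godfowar3.rr.nu/landing
malformed line
""".splitlines()

if __name__ == "__main__":
    for ts, client, host in scan(SAMPLE_LOG):
        print(ts, client, host)
```

Matching on the parsed hostname rather than on a substring keeps look-alike names such as `notustream.rr.nu` and `ustream.rr.nu.example.org` out of the results.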
What it does
After Flashback is on a Mac, it asks users to supply an administrative password; this is the first indication of this infection. Users may think that they can avoid the malware by not providing a password, but this is just a formality since the malware is already on the machine.
This trojan has very few visible symptoms. It will make sporadic connections to remote servers, and these will not be noticeable to a user. If the Mac has a firewall installed, a user may be able to see these connections in the firewall log. The payload that Flashback downloads from these servers, however, could afflict the computer with numerous other symptoms. With most malware, the aim is to steal personal information and data that could end up being profitable for whoever controls the infection, often crippling the infected computer in the process.
Using antivirus and antimalware software is the best way to handle this trojan. It is much easier to prevent infection in the first place, so you should have current, active security software installed on your Mac; if you don’t, get some such as MacKeeper or Norton right now. These programs could help you battle this parasite if it is already on your system, but since the majority of Macs are still clean, prevention is the best medicine.