Kaspersky blames Apple for massive ‘Flashfake’ malware breakout

Malware

by Allan Swann| 11 April 2012

Kaspersky is blaming Apple's inaction on the Flashfake trojan as the main cause for the worldwide MacOS infection.

Apple's long standing (and false) reputation for being 'malware free' has taken a huge blow as a new Trojan, Flashfake, has infected Apple computers worldwide.

Kaspersky Lab's Chief Security Expert, Alexander Gostev, is laying the blame squarely at the corporation's feet.

He says that Apple knew about the threat for months, but did little to protect its MacOS users from the Java vulnerability - while rival systems had been patched by Oracle months earlier.

Virus

In what will make it one of the largest malware infections in mac computing history, Kaspersky says that approximately 98% of the 670,000 computers infected with the Flashfake are running MacOSX, compared with just 2% on other operating systems.

Whereas on other computing systems Oracle (Java's owner) issued a security patch nearly 3 months ago, Apple doesn't allow Oracle to patch Java for Mac on its own. They keep it hands on and do it themselves, historically several months after the fact. In this case, Apple only sent out its own patch on April 2nd. This meant that the window of exposure for Mac users was much, much longer than other PC users.

"The three month delay in sending a security update was a bad decision on Apple's part," said Gostev.

"Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time."

"The problem is exacerbated because - up to now - Apple has enjoyed a mythical reputation for being 'malware free'. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security," said Gostev.

Flashfake is a family of OS X malware that first appeared in September 2011. Previous variants of the malware relied on cyber criminals tricking users into downloading the malicious program and installing it in their systems. This latest version of Flashfake exploits a vulnerability in Java, and does not require any user-interaction. It occurs when victims unwittingly visit infected websites, allowing the Trojan to be downloaded directly onto their computers through the Java vulnerabilities.

Users infected by the virus could have their computers watched and controlled remotely by hackers, which then makes any personal info and banking information vulnerable.

Virus writers are increasingly targeting Mac users, a threat that has been limited historically, by Apple's small user base and its creative-industry focus. For business savvy cyber-criminals - the return on investment simply wasn't there. However, the increasing popularity of Apple Macs, especially in consumer markets has changed that.

It doesn't help that users and Apple alike have long painted the MacOS platform as being free of viruses and malware - a myth so strongly held by Apple fanboys that many users don't even install anti-virus software on their machines. Flashfake may change all that, and open a lucrative new market for the IT security companies.

This is the largest Mac-based infection to date, with the largest number of victims targeting developed countries. The United States had the most infected computers (300,917) followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600). Other infected countries included France (7,891), Italy (6,585), Mexico (5,747), Spain (4,304), Germany (4,021) and Japan (3,864).

Apple, while previously staying mum on the subject, finally came out and admitted there was a problem, stating that, while the vulnerability has been patched, it is still "developing software that will detect and remove the Flashback malware" for computers already infected. No timeline was offered for this fix.

Kaspersky and a number of other outlets have already issued their own Flashfake remover tools.

Other than the update already delivered Apple has been recommending that users disable Java in their browser preferences. Apple has also said that it is working with ISPs worldwide to disable the Botnet's command and control network.

 

 

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

Malware Intelligence

Suppliers Directory


See more
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.