Hackers hitting Macs with virus: industry experts

Don't panic Mac users! This virus will only come as an attachment to an irregular email and if you are silly enough to open it then you deserve what you get. There is still no reason to run anti-virus software on a Mac. Just be websmart!

There is still no reason to run anti-virus software on a Mac.

That's pretty funny. Apple has been recommending Mac users to using antivirus software for the past 4 years. There is nothing in the desgin of a Mac that makes it safer than a PC.

Disillusioned got it wrong. Read the article. There are other vectors for this malware, including via browser, and via fake software update screens. Here's how you could get it, how to find out whether you have it, and how to remove it if you do:

http://m.cnet.com/Article.rbml?nid=57410096&cid=latest&bid=263&webref=reviews.cnet.com/how-to-remove-the-flashback-malware-from-os-x/8301-13727_7-57410096-263.html%3f

No hackers target Mac's because there is nothing worth stealing from Mac users.

I find it funny that people still think that anything with a chip in is is 100% safe. Now to go find my neighbor's banking information again to order some more of those AKB48 posters to be overnight-ed to his house again ;)

gogogo, I always wondered about that. I thought the marketing studies say the typical Apple customer is supposed to be more smug and well-heeled, since the products are more expensive, and due to Apple's "it just works" PR, they expect no trouble ever. Sounds like a perfect sitting duck for a con. Why wouldn't scammers target these apparently richer, less geeky folks?

The tech blog crowd suggests that it has to do with % of computers online. If your malware has a success rate of 0.3%, and there are 20 PCs online for every Mac, then you're far better off pointing your malware at PCs. Also, the people who write malware often sell it. The market is for PCs, which are also used by many small businesses with no IT dept. or protection; and which are used in virtually every country around the globe, while Macs have been a luxury for first worlders.It's been a bulk numbers game.

But that may be changing.

Lol.

The truth is hackers ( btw they are properly called crackers in the hacker community ) design their viruses ad other malware to attack as many users as possible. It's only to be expected that Mac OS starts seeing an increase of malware infections as its market share grows. It's the reason why Windows desperately needs Anti-virus software, because it has an over whelming majority of marketshare ad therefore more susceptible to malware attacks.

If you really want to have the best protections against such virus then dump windows and Mac and pickup Linux. =)

If you really want to have the best protections against such virus then dump windows and Mac and pickup Linux. =)

OSX is Linux based!

And, for those who say I got it wrong, have you ever actually used a Mac? Have you ever had a virus on your Mac? Did you actually read my post? There is no need to run anti-virus on Mac as long as you are websmart and don't download any crap! I also noticed an ad for MacKeeper on the side of this webpage. That is an example of Mac malware!

If any of you 'new to Mac' ex-Windoze l/users are so scared of getting an imaginary virus on your Mac you should install ClamXav. It's a free anti-virus app, but completely unnecessary!

Oh, and the other point mentioned was about Apple recommending using anti-virus software. That is only because too many paranoid Windoze users are switching over and constantly worry about virus attacks. Please check Apple support discussions for verification.

OSX is Linux based!

No it's not. It's Unix based but not Linux based.

It is Unix based and the hiararchy goes sideways and not up which stops a lot.

This Mal-ware is coming through Java, not Flash. If you do not need Java, dump it.

I need it for Photoshop, so for the first time protected myself. Clamx did not find anything. I got rid of it. I tried AVAST and although no virus found, it gave me four warnings for files, and one was a Norton file.

I downloaded a trial Norton last night and had to get rid of it, as I was not able in over 6 hours time find a way to get my VPN to work. Norton anti-virus on a Windows system shows its Firewall, but it does not show its own firewall on the Mac. That made it problematic for me to permit the VPN.

Any questions please ask.

OSX is Linux based!

that right there show you how techi are the Mac Kolaid drinker Fanbois.

lol

@The_True

I am not being insulting, and I think I know what you are trying to express, but there are a lot of people on this site that use English as a second language. Please try to clarify your thoughts for them. I think they would appreciate it. Thanks :-)

JapanGal, due to work-related licensing, I'm using Sophos Antivirus now, and it seems fine. Until last year we have been using McAffee Security, and we've never had any viruses in 3 years.

This is a reason Apple is keeping iOS separate from MacOS, because they can't control MacOS environment as well as they could iOS environment. People just web-browsing leaving Java on, visit any websites thinking they're safe, and inadvertently infect themselves without even downloading anything. Sometimes, it's hard to tell which websites are good and which websites are bad. There's so many new sites everyday, and websites can disguise themselves.

I always recommend people to always get at least some antivirus, whatever they have. More protection never hurts. And it's not just for their sake - it's mutually beneficial. If they get infected and their computers turn zombies, then their zombies slow down the internet - unfortunately, we share the same internet.

OSX is linux based?! OMFG. Btw, there are viruses for the Linux root, but one has to be a complete retard and try on purpose to get infected.

Associating OSX with Linux (or security) is a thing I take as a personal offense.

Notice a lot of thumbs down on some comments where a Mac user has defended the sturdiness of a Mac...must be from Windows users!

I've been using Mac for 3 years...no intention of going back to Windows-we-guarantee-you'll-be-buying-another-pc-within-five-years or Microsoft! Mac doesn't need Adobe Flash, so anyone dumb enough to believe such a mail doesn't deserve to have a high end machine like a mac!

timeon - yeah, good luck with McAfee! Resource hog and complete crap!

Apple has been recommending Mac users to using antivirus software for the past 4 years. There is nothing in the desgin of a Mac that makes it safer than a PC.

Erm...no, they haven't and Mac is waaaaayyyy safer than a PC! You're obviously a Windows user!

@bookowls - that's exactly why there's a huge botnet of macs - because Mac users don't generally run antivirus software, think they are immune, and don't realise that criminals are hijacking their CPU and internet bandwidth. Sadly, lack of attention to security applies across all platforms among people who aren't interested and don't care. Not until their credit cards are hacked, anyway.

As a recovered Macaddict, I've discovered the freedom of using other OSs and having my own choice of softwares to use and customise. There IS life outside of the Mac-cult. Sorry Steve.

And, for those who say I got it wrong, have you ever actually used a Mac? Have you ever had a virus on your Mac? Did you actually read my post? There is no need to run anti-virus on Mac as long as you are websmart and don't download any crap!

How can you be "websmart" and not download any "crap"?. It's inevitable that these users will download something either because they have to or want to. Also Mac is Unix based NOT Linux based. Some people make the mistake of somehow likening both OS's just because they are of the Unix family. But that is inaccurate. With that kind of logic you could even make the statement that Windows is based off Mac just because both are C and C++ programmed, it's absurd.

With an OS market share of what 29.5%? that's just below Window' some 71% Market share which is why after Windows a Mac is more likely to get a virus. There is no point for a malicious user to target about 9% of users of which are Linux, put aside the difficulty of actually attacking Linux.

I must admit a bit of schadenfreude here. I've been hearing so many smug Mac users claiming that Macs are just so goshdarn better, that they never get viruses or malwares, that they are just faster and in everything better that I'm just happy when some news come out like this and brings them back to earth.

It's not even like I'm the fans of other OS. I like Windows and use it, but I'm not a fan of it in no way, I have installed linux distros on my computer. I have an Android tablet, and I like it, but I'm no Android fan either. But the sheer proselytizing drive of Mac users really get on my nerves. It's like Jehovah's Witnesses, I may not be religious, but if people come and try to convert me, I tend to dislike them and their religion very much,

I have been using Macs for years, this is the 1st time I hear about an infection. Which was contained by Apple this last Monday, when they released an uptade to fix for Java. Funny how Apple-haters are throwing virtual parties for something so small in comparison to real big infections out there.

Anyway, here's an easy way to check your Mac, courtesy of CNN:

http://edition.cnn.com/2012/04/06/tech/web/mac-flashback-trojan-check/index.html

Because Mac users bragg so much that they don't get viruses will only now make them a target by hackers just for the hell of it.

Nothing rankles some nerds more than the mention of anything Apple related. You can practically smell the Star Wars figurines and anime porn coming off the screen

It was just a matter of time before Mac made it onto some asshat of a hacker's radar.

I have a heartfelt and emphatic message for any Mac users out there who still operate their machines under the utterly false assumption that there is something intrinsically special about the OSX architecture that makes it invulnerable to viruses:

Stop being stupid.

Mac has managed to avoid the (well-earned) reputation Windows earned for being a virus magnet only because Windows was top dog on the block for the better part of two decades. That is clearly no longer the case, and now that the market shows better than 30% of computer users heading towards the "I can just start using it right out of the box and I don't have to know anything about computers because Macs are, golly, just so gosh darn intuitive" Mac brand, well...

A cursory purusal of some of the more asinine motivations and rationales given by the hacker asshats who call themselves Annonymous to go out of their way to hack machines, steal data, and generally screw up people's lives, it doesn't take an advanced computing degree to know that Mac users, after years of willful ignorance, have probably the tastiest target painted on their backs since the U.S. Cybercrimes division went online with press and media fanfare.

It's hard to believe that because of this one article posters are coming on to say how 'smug' Mac users are and saying this virus is 'proof' that Macs are not better than Windows PCs. The fact of the matter is, this would be the FIRST virus out there that targets Macs (or else if there have been others there was obviously no damage done). Windows computers on the other hand have SO many holes in the OS that you absolutely NEED Norton and maybe even more to scan through everything and eat up all your RAM. Apple products are of course HEAPS safer, and all around better, than Windows PCs, but the fact remains that as Apple takes more of the market share and people switch over, clever hackers are going to find a way in.

Just two years ago Apple held a contest stating that they would give $10,000 to anyone who could hack into their homepage. It took something like 24 hours and heaps of hackers working on how to do it for one kid to slip in past security and change something on the page. Of COURSE it can be done, but the fact is it's a whole lot harder, because Mac security is better.

"Of COURSE it can be done, but the fact is it's a whole lot harder, because Mac security is better."

Utter horse puckey. No one has really had an incentive to try their hand against Mac, that's all.

LFRAgain - If you think Apple-hating computer nerds haven't been busy trying to hack Mac Os's, you're being very naive. As Smith points out, if it hasn't been done yet, the proof is in the pudding.

It's not virus, it's a trojan. Trojans don't self-replicate.

This isn't the first either. This is a variant of something that has been out there for a while. What's different is that they are C&Cing them and they are part of a botnet --whereas before they were not botnetted.

This has several vectors, the most effective, as of now, is the drive by, facilitated by the fact that 4MM webpages out there have the code. There is no way for someone not running AV to avoid those webpages -unless they uninstall their browsers or uninstall Java.

Comparing MOSX to Windows XP, a 10 yo OS is disingenuous. If you were to compare Vista or Windows 7 with MOSX, then that's fair. The newer versions of these OSes are pretty solid. There aren't many gaping holes (compared to before), so hackers being practical, are taking the easy route and that at the moment is third party Software like Adobe and Java RTE and your browser (Chrome just patched again, a second time in two weeks).

They are not striking at the OS, they are striking at third party SW which is not typically updated via the same channels as the OS --meaning there can be significant lag and thus a window of opportunity to attack. Now, if you are really important, they will get you, no matter what. There are tons of zero-days waiting to be exploited.

Nothing is immune. Don't believe what any big company would tell you otherwise. Spent too much time with computer gurus to know how smart they can be. If those people spent as much man-hours on Macs or Linux as they do with Windows, they would be in trouble too. Most computer problems are not from computers but from PEBCAKs, and nothing excites those gurus more than an ignorant PEBCAK, like a Titanic.

For example, follow the (in)famous annual Pwn2Own hacking competition that just occurred last month:

http://en.wikipedia.org/wiki/Pwn2Own

Every year, they successfully hack almost everything. Believe it or not, it's not Apple's Safari whose unhackable streak was ended this year - it was Google Chrome:

At Pwn2Own, Chrome was successfully exploited for the first time. VUPEN declined to reveal how they escaped the sandbox, saying they would sell the information.[41] Internet Explorer 9 on Windows 7 was successfully exploited next.[42] Firefox was the third browser to be hacked using a zero day exploit.[43]

Here's how it went last year 2011:

Day 1

During the first day of the competition Safari and Internet Explorer were defeated by researchers. Safari was version 5.0.3 installed on a fully patched Mac OS X 10.6.6.[37] French security firm VUPEN was first to attack the browser, and five seconds after the browser visited its specially crafted malicious web page, it had both launched the platform calculator application (a standard harmless payload to demonstrate that arbitrary code has been executed) and written a file to the hard disk (to demonstrate that the sandbox had been bypassed).

The second and last browser to fall for the day was a 32-bit Internet Explorer 8 installed on 64-bit Windows 7 Service Pack 1.[37] Security researcher Stephen Fewer of Harmony Security was successful in exploiting IE. Just as with Safari, this was demonstrated by running Windows' calculator program and writing a file to the hard disk.

Day 2

In day 2 the iPhone 4 and Blackberry Torch 9800 were both exploited. Security researchers Charlie Miller and Dion Blazakis were able to gain access to the iPhone's address book through a vulnerability in Mobile Safari by visiting their exploit ridden webpage. The iPhone was running iOS 4.2.1, however the flaw exists in version 4.3 of the iOS.[38]

Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann were successful in exploiting the Blackberry Torch 9800. The team took advantage of a vulnerability in the Blackberry's WebKit based web browser by visiting their previously prepared webpage. The phone was running BlackBerry OS 6.0.0.246.[38]

Firefox, Android, and Windows Phone 7 were scheduled to be tested during day 2, but the security researchers that had been chosen for these platforms did not attempt any exploits. Sam Thomas had been selected to test Firefox, but he withdrew stating that his exploit was not stable. The researchers that had been chosen to test Android and Windows Phone 7 did not show up.[38]

Day 3

No teams showed up for day three. Chrome and Firefox were not hacked.

Bottomline: these types of guys are smart. Don't be a Titanic. Nothing is immune. If these types of guys put enough effort to target whatever you have, you'd be vulnerable too. But they usually target the big fries. Still be careful; you can't go wrong with more protection rather than less.

I checked our 3 Macs here, all of them are OK. Macs are the best, simply. I read in another tech forum, that those who got "infected", they are to blame themselves. They simply forced this trojan into their systems. I believe that, I don't open unknown e-mails, never update from a 3rd part resource.

They simply forced this trojan into their systems. I believe that, I don't open unknown e-mails, never update from a 3rd part resource.

This is a drive-by-download malware. It requires no action by the user other than visiting a website.

Apple and Java are to blame here. Apple waited 2 months after a fix was released by Oracle to update their Java. Windows users got the fix within 2 weeks.

@poppler: one of us is really misinformed. AFAIK, and I have read, you do need to click on a screen that imitates the classic Safari uptade screen. I read in no place that by only visiting a page you get your Mac infected.

Hackers?? Bastards!

smithinjapan: The fact of the matter is, this would be the FIRST virus out there that targets Macs (or else if there have been others there was obviously no damage done). Windows computers on the other hand have SO many holes

It's not a "hole" issue but a numbers issue. People didn't bother with making a virus for Mac since so few people use Mac operating systems. You could spend your time making a virus to inflect X number of people or you could spend your time doing the same thing and infect tens of millions more. What would your choice be?