Apple malware flourishes in a culture of denial

It looks as though Apple users have seen their first significant outbreak of malware, with Dr Web researchers claiming that more than 600,000 Macs have been botted by the drive-by Trojan, BackDoor.Flashback.39. Since Macs make up only a small percentage of the PC market (60 million Macs vs 1.3 billion PCs), this would be roughly equivalent to the Conficker outbreak, according to F-Secure's chief research officer Mikko Hypponen.

Flashback's success has been[..]isted by the culture of denial that -- with Apple's encouragement -- exists in the Mac market. Most Mac users don't use anti-virus software because they believe that their machines are impervious to malware.

Apple could help. The company spent many millions of dollars on TV advertising that contrasted a hipster-style Mac guy with a more businesslike PC character, and the Mac's freedom from virus infections was a core message. One misleading advertisement may also have damaged the Windows security ecosystem by discouraging users from upgrading from XP to the more secure Windows Vista.

Apple could usefully spend a few millions running some more TV adverts to say: "Sorry, Macs CAN be infected, and we recommend you take precautions." Obviously, Apple will not spend any of its spare $100 billion helping its users in this way.

One of the interesting things about Trojan BackDoor.Flashback.39 is that it encourages a culture of ignorance among the most knowledgeable Mac OS X users. If Flashback finds that its target Mac is running certain geeky programs -- Little Snitch, Packet Peeper, Xcode, some anti-virus software -- it deletes itself. In other words, it tries to avoid infecting those Macs where it is most likely to be discovered, reported and ultimately disassembled.

If all Mac malware does this, then Mac experts will truthfully report that they can see no evidence of malware infections. This will reassure the ignorant majority of Mac users, whose systems can then be infected more easily.

Now, it is far from certain that Dr Web is correct in saying that more than 600,000 Macs have been infected. Dr Web used sinkhole tactics (PDF) to measure the size of the botnet, so the number is believable. What is not so certain is that they are all Macs.

Today, Aleks Gostev (@codelancer), chief security expert at Kaspersky Lab, tweeted that:

Last night we sinkholed one domain of #Flashback. We can officially
confirm size of the botnet – more than 500k infected hosts.
We are not sure that all 500k #Flashback bots are Mac users. I have
some suspicions that probably bot for Windows also presented itw

To which Lucian Constantin (@lconstantin) replied:

Dr Web told me they counted unique IOPlatformUUIDs sent by bots
to the C&C. Isn't that a HW ID unique to the Mac OS X platform?

Whatever the case, it remains a fact that a large number of Macs have been infected, and that a very large number are still undefended and (as Pwn2own has shown) easily hacked.

If Apple is not going to do the decent thing, then it still has other things to do.

For a start, Apple can improve its security updates, which lag behind the rest of the industry. In the current instance, which exploited a Java flaw, Apple patched a vulnerability in April that Oracle and others fixed in February. Often, Apple is even further behind.

Apple should also improve its processes so that it writes more secure software, as Microsoft did a decade ago. Again, this would also improve the Windows security ecosystem, since Apple programs -- along with Adobe software and Oracle's Java -- are among the most vulnerable installed on most PCs.

It remains to be seen whether Apple will go through the sort of malware crisis that led Microsoft to develop the SP2 to save Windows XP. After all, Mac OS is still a very small target compared with XP, where malware authors can profitably exploit security holes that Microsoft fixed at least two years ago. (The incidence of Conficker in large organisations, for example, proves that it's not just naive end users who are either too stupid or too incompetent to use some form of Windows Update.)

Apple malware flourishes in a culture of denial | ZDNet UK

Let's hope Apple gets the message now, rather than waiting until its brand name is further tarnished in The New York Times.

some of these apple users proved their stupidity with instagram. this was bound to happen at some point due to the money apple is making now

My trackpad was !!ing up and moving all over the place without me doing anything ... got freaked out someone hacking into my !! ... did'nt want any dirty pics of my girl leaking out on the internet [pic]

knew it'd only be a matter of time and apple needs to get off their[..]es and fix these issues. it's sort of scary how long it has taken for them to work out a patch for some of these things


however, with that all said. how hard is it for a person to have an antivirus program. that's a no-brainer for me. kaspersky w/ malwarebytes>>>>>

Most mac users I know don't have an anti-virus because of the whole "they can't get viruses" bull!!.

Nowadays Mac laptops sales have increased and shortened the gap, especially with less people buying PCs and purchasing smartphones. It was bound to happen.

The difference in architecture is also another reason why PCs are targeted, too.

U do realize windows pc as a whole outsold macs. !! all the pc laptop sales combined outsold macbook. Talking about shortened the gap. They shorten the gap from 5% to 13% market share. !! the only thing apple product that is outselling combined laptop sales are ipads.

[pic]

How are people getting this virus? I switched to macs 5 years ago and so far I've had no problems with malware.

I have window 7 and have no problems with malware.

yeah last time i got a virus on windows was when napster and kazaa were out, u just have to semi know what ur doing, never really understood why people like to be apple groupies