Flashback trojan brings up Apple Macintosh vulnerabilities

Alfred Siew

Remember those funny Apple ads that said Macs don’t suffer from viruses and other malware, like your lousy, uncool PC?

Well, this week, in the biggest security threat yet to Apple’s computers, some 600,000 Macs were said to be affected by the Flashback trojan, which could steal passwords and other personal information from unsuspecting users.

The good news is that the malicious software is now “trending down”, according to an advisory put out today by security firm Symantec, but it estimates that as many as 270,000 machines are still infected with it.

The Flashback malware pretends to be a plug-in for an Internet browser. Once installed by an unsuspecting user, it can go on to steal information such as passwords, allowing a hacker to gain access to the user’s computer and other private data.

Once in, he can also gain control of the Mac and use it as a “zombie” machine to initiate attacks on other machines or Internet service providers. To fix the problem, Symantec advises users to download a free software tool from its website to get rid of the malware.

For its part, Apple has provided patches to close the security hole, after a rare admission this week of the Mac OS’s vulnerability. But the reputation of Macs as somehow impervious to malware has been dealt the biggest blow yet.

Ironically, while Windows PCs have been souped up with regular updates in recent years to fight the scourge of malware, many Mac users may now be exposed because they do not have the same timely, proactive patches from Apple, and their growing numbers simply mean they are a more attractive target for malware authors.

Indeed, Apple may have made the Flashback issue worse, by being slow to patch up security holes on users’ machines.

In this case, the malware targets the Java software that is made by Oracle. But while Oracle pushed out updates in February to PC and other users after it found out about the security issues, Apple only rolled out its own patch on Wednesday – more than eight weeks later. The reason: it had refused to let Oracle push out the updates directly to Mac users.

It does not help either that Apple censures – rather than thanks – its own developers for bringing up security issues on Apple OSes. Last year, an iOS developer had his account banned after he demonstrated security breaches with Apple’s software.

While savvy Mac users would have been smart enough to avoid downloading suspicious software, the worry now is that the majority of these Apple users may become easy targets for malware authors because they are less prepared for such attacks.

Sure, Symantec, which makes the Norton anti-virus software, stands to sell more copies by raising the alarm. But it makes a lot of sense with this quote from its Norton Internet Safety Advocate Marian Merritt:

The Flashback Trojan is a wake-up call for everyone who’s online – no matter what platform or device they use.

No operating system is immune to malware attack and whether you’re using a PC, Mac, tablet or smartphone, you should have security precautions in place. For example, anyone running a current version of Norton security software was already protected against this Trojan.