Apple releases second Flashback patch

Powered by SC Magazine
 

Trojan infects more than 32,000 Australian machines.

Apple released a second security update on Friday in its continuing battle against the Flashback trojan, which already has infected nearly 650,000 Macs worldwide, including 32,527 in Australia.

The computing giant may have found a glitch in its first update for Java, the software containing the vulnerability that enabled the spread of Flashback. That forced Apple to follow up with a second patch, which is only for Mac OS X 10.7 (Lion), according to a blog post from security firm Intego.

Although the creators of Java, Oracle, released fixes for Java in February, Apple's response was delayed, said Charles Miller, principal research consultant at security consulting firm Accuvant Labs.

“They have a habit of taking a long time to supply patches [for third-party products], which always puts their users at risk,” Miller said.

“I hope that this outbreak will help them to see this point and they will hurry up their patching in the future.”

A user's computer can become infected with Flashback simply by visiting a bogus web page, an attack known as a drive-by download.

Anti-virus software would be able to alert users to an infection, but outside of that, chances are Mac users would not notice the silent attack, according to Mikko Hypponen, chief research officer at F-Secure.

Once installed on the machine, Flashback is capable of a number of malevolent actions, including stealing data, hijacking search results and installing additional malware, though it doesn't seem to be targeting personal information just yet, according to experts.

“Versions of Flashback have been around for months, but this is the first one which uses an exploit to infect you,” Hypponen said.

“From the user's point of view, the difference is that the user does not need to be tricked into entering a root password for them to get infected [as was the case with previous variants].”

After experts at Russian antivirus vendor Dr. Web “sinkholed” one of the botnet's command-and-control hubs, redirecting its traffic to their own server, they were able to count the number of compromised machines.

Dr. Web reported last Wednesday that Flashback had infected 600,000 machines globally, including 303,440 in the US;

On Thursday, Igor Soumenkov, a Kaspersky Lab malware researcher, confirmed the numbers, according to a blog post, after his lab set up its own sinkhole.

“We were able to calculate the number of active bots,” Soumenkov wrote. “Our logs indicate that a total number of 600,000-plus unique bots connected to our server in less than 24 hours.”

Although they could not confirm or deny that the bots connected to the Kaspersky server were running Mac OS X, Soumenkov added that through fingerprinting techniques, “more than 98 percent of incoming network packets were most likely sent from Mac OS X hosts.”

However, he did qualify his remarks. “Although this technique is based on heuristics and can't be completely trusted, it can be used to make order-of-magnitude estimates,” he wrote.

According to market researcher NetApplications, Windows is the most popular operating system in the world, running on more than 90 percent of computers, which is indicative of the attention malware authors place on it.

But cyber criminals likely will take note of the size of the Flashback botnet and thus more earnestly consider OS X as a viable target, said Miller.

“As more people buy Macs, malware authors will follow along too,” he said. “It might be time to think about getting anti-virus for your OS X systems.”

An Apple spokesperson could not be reached for comment.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

