Apple Watch

News from the Apple world

Mac Planet: Be afraid - Mac malware

7 comments
Photo / Supplied
Photo / Supplied

A little bit afraid, anyway. The long predicted susceptibility of the Apple ecosystem to viruses and malware has finally arrived. Apple haters rejoice, Apple users ... just install some free antivirus and forget about it, it's really not a very big deal yet.

About three years ago, Apple starting warning people, albeit quietly, that they should start thinking about anti malware software on their Macs.

Around the same time, Apple started making a few key security hires like David Rice, with his Master of Science in Information Warfare and Systems Engineering from the Naval Postgraduate School. Rice was hired as Apple's new director of global security in January 2011.

Before that, Apple headhunted Ivan Krstic to work on securing Mac OS X - his former post was head of security for the One Laptop Per Child project.

In 2010, Apple snagged Window Snyder, formerly Mozilla's security chief, as senior product manager for security, and Jon Callas, former CTO of encryption software maker PGP (which is now part of Symantec).

In 2011, news broke that malware had arrived for OS X. Cleverly bypassing the difficulty of installing into the pretty secure Mac systems, the malware tricked you into doing it yourself. It started with a website telling you it detected malware on your computer.

As a Mac user, your reaction should have been 'Yeah, right!' but some people, insecure and perhaps survivors of attacks in the PC world, clicked a button to 'scan' their hard drive. Again: yeah, right!

Cue a little animation - and that's all it was - telling you it was scanning your HD, which it was not. Then it 'found' something, which it also did not. It was a preset part of the animation. Then came the really clever part: put in your credit card details and this site would 'clean' your Mac.

Genius. You then allowed the installation of malware and, perhaps worse, you'd given your credit card details to a scammer.

But this threat was quickly wrapped up - I actually wrote about it at the time as I was in the UK and I managed to talk to, and visit, British security experts Sophos at their Oxford headquarters.

But the more recent Flashback malware was a scarier beast. The Flashback malware was found to be infecting over 650,000 Macs at its peak - I even found it on a Mac in Albany, representing the first time in 13 years I have actually found a virus.

The OSX.Flashback.K trojan, believed to be the largest Mac infection so far, was designed to steal page views and advertising revenue from Google.

Once installed on your machine, the trojan loaded an 'Ad-clicking component' that intercepted all search requests from your web browser and diverted your traffic to a page nominated by the creators ... where they receive revenue from any visit - not from you, either.

From Google ad clients. It didn't actually harm you or get anything from you, it just added to revenue-clicks for someone else from someone else. Really dodgy, of course.

It worked, too, earning its creators up to $10,000 a day, according to security specialists Symantec.

The Flashback ad-clicking component was loaded into Chrome, Firefox, and Safari where it intercepted all GET and POST requests from the browser.

The malware was clever enough to use a special user agent designed to avoid investigations. Cult of Mac has a lot more detail on it.

Kapersky, the Russian lab that first discovered the Trojan, announced shortly after that Apple was ten years behind Microsoft on security, stating Apple needs to alter its security approach if it's going to fend off a coming wave of attacks.

After all, Mac use has risen dramatically, making the sector a much more attractive target.

My immediate reaction was 'ten years of no threats means Apple is ten yours behind? Hah!' That said, Apple has copped criticism for releasing patches too slowly.

Apple eventually responded with a free scanner, and I do recommend installing every Security Update Apple releases via Software Update, but the best solution I found quickly scanned your Mac and removed the software if it was present. So if you are worried, I'd do that, since it was released by the aforesaid Kapersky lab. The Flashfake removal tool is a tiny download from this link.

So there was much ado, with not all that much to worry about - the malware didn't damage your Mac or compromise your privacy. But the lid of a Pandora's Box has been prised open a little bit more, for sure.

Meanwhile, of course, Macs can carry and pass on Windows malware. Sophos looked at 100,000 Mac computers and found one in every five carried some form of PC malware.

These OS X machines were running Sophos' free Mac anti-virus software, which I have tried and can recommend - I will put a link to it at article's end.

This means your otherwise secure Mac is a vector to infect other Windows machines, while not affecting us Typhoid Mary Mac users at all. Hardly neighbourly, though, is it?

In the same survey, Sophos found that 1 in 36 Macs (2.7%) were actually infected with actual OS X malware - once again, their software deals to this.

If so, I hope Apple does, of course, but even iOS (the OS on the iDevices iPad, iPhone and iPod touch) has security issues, and the latest update iOS 5.1.1 was aimed at a spoofing problem in Safari: There has been an exploit in which a maliciously crafted website may be able to spoof the address in the location bar

This could be used to direct the user to a spoofed site that looked like a legitimate domain. This issue is addressed through improved URL handling and the issue did not affect OS X (Mac) systems.

So run that update, too. Apple's document on this issue is online.

OK, so the malware threat for Apple users has been rising. Will it rise further? It depends on how successful recent attempts were, and on how susceptible us users are (in other words, Apple has to step up). There are paid anti-virus packages for Mac, but I find them clunky, obtrusive and they slow my Mac down. I hate that.

iAntiVirus is by an Australian company that recently got bought by Nortons. The software was fast and free, but it's gone, more's the pity, but it looks like it may be back soon, as the site implies.

Sophos is a huge global anti-malware company with its HQ in England - the recent free anti-virus is very strong.

Good luck, soldier.

Have your say

We aim to have healthy debate. But we won't publish comments that abuse others. View commenting guidelines.

1200 characters left

Sort by
  • Oldest

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on red akl_n2 at 18 Sep 2014 12:03:46 Processing Time: 501ms