malware

Latest

  • Adobe changes tune on CS5 updates, won't seek paid CS6 upgrade to patch vulnerabilities

    by Edgar Alvarez
    05.12.2012

    Things have gotten interesting in the world of CS updates. Recently, Computerworld reported that Adobe had informed folks using an older version of its famed Creative Suite -- CS5 and CS5.5, to be exact -- they'd have to shell out the CS6 upgrade fee in order to get a fix for some recently discovered bugs. Apparently, Adobe took notice of its customers' dissatisfaction and updated its initial blog post with a changed tune, stating, "We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available." The same is true for both Illustrator and Flash. This kerfuffle started after Adobe handed out warnings for eight "critical" vulnerabilities found in certain versions of the three applications -- some of which are said to be exploitable and could potentially be used to "take control of the affected system." We'll see how it all plays out over the upcoming days, but in the meantime hit the links below to see if you need to take any action. James Trew and Joe Pollicino contributed to this post.

  • Daily Update for May 1, 2012

    by Steve Sande
    05.01.2012

    It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world.

  • Flashback was earning about $10K per day

    by Steve Sande
    05.01.2012

    People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money. A post on the Symantec official blog listed the stages of infection from Flashback:

    1. A user visits a compromised website.
    2. The browser is redirected to an exploit site hosting numerous Java exploits.
    3. CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
    4. This component downloads a loader and an ad-clicking component.

    That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue. Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day. If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself. [via Macworld]

  • Oracle providing direct Java support for OS X, updates to be more timely

    by Steve Sande
    04.28.2012

    Macworld and Ars Technica reported late yesterday that Oracle has announced direct support of Java for OS X. This appears to be a reaction to the rather widespread outbreaks of malware that took advantage of exploits in Java before Apple was able to provide an update. This change has been anticipated for some time, as Apple did not include its own Java in Lion by default. Like the other platforms where Java works, Oracle will be providing updates for future versions of OS X. Oracle's Henrik Stahl announced that the company will be updating Java for the Mac directly and on a release schedule concurrent with other platforms such as Windows, Linux, and Oracle's Solaris OS. Stahl also announced that the Java Development Kit 7 and JavaFX Software Development Kit 2.1 for OS X are now available for download. Support for the Plugin and Web Start elements of Java won't be available until later in 2012 when JDK 7 Update 6 arrives. Oracle also noted that the new versions of Java will only support OS X Lion and higher. [via The Verge]

  • Kaspersky Lab: Apple is '10 years behind Microsoft' on security

    by Kelly Hodgkins
    04.26.2012

    Kaspersky founder and CEO Eugene Kaspersky told Computer Business Review that malware targeting the Mac is beginning to grow and Apple needs to take notice. The CEO said Apple is "ten years behind Microsoft in terms of security," and asserts that Apple must change its approach towards security soon. He said, Apple "will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software." I don't have any doubt that Apple will be able to plug holes that may be discovered in OS X or third-party software, just like it did with the latest Flashback exploit that targeted a Java vulnerability.

  • Twenty percent of Macs examined infected with Windows malware

    by Kelly Hodgkins
    04.24.2012

    Sophos looked at 100,000 Mac computers and found that one in every five has some form of malware. This might sound alarming, but before you stare at your machine in disgust, you should get some perspective. The survey looked at 100,000 OS X machines that are running Sophos's free Mac anti-virus software. Sophos found that this 20 percent figure is for malware that targets Windows-based computers. Though it can be used as a vector to infect other Windows machines, it won't affect Mac users on OS X. Sophos did find that 1 in 36 Macs (2.7 percent) were infected with OS X malware. Though less than 3 percent may be concerning, it's not as alarming as the 20 percent figure that's making its way into headlines.

  • Kaspersky Lab: Macs not invulnerable to malware

    by Kelly Hodgkins
    04.19.2012

    The writing is on the wall. Our time of innocence is gone. Researchers from Kaspersky Lab claim Mac market share has finally reached the critical point, and the platform is now an attractive target for online criminals. Kaspersky told Ars Technica and other press on Thursday that Mac users can expect "more drive-by downloads, more Mac OS X mass-malware, and more cross-platform exploit kits with Mac-specific exploits." It's not all doom and gloom. Infections in the wild are still sparse, and Apple may slow the spread of future threats with the introduction of Gatekeeper in Mac OS X Mountain Lion. Among other things, Gatekeeper will prevent users from "unknowingly downloading and installing malicious software." If you don't want to wait for Gatekeeper, there are also several good antivirus solutions like Avast and Sophos that are available now for Mac users to download.

  • Flashback infections down from over half a million to under 150,000 in eight days

    by Kelly Hodgkins
    04.18.2012

    According to Symantec, the OSX.Flashback.K infection is declining each day. The current number of infected Macs is now around 140,000, down from 600,000 a week ago. If you think you may be infected, you can run a Flashback removal tool from either Kaspersky or F-Secure. Apple also has a tool for Lion users without Java installed. OS X users should install the latest Java update from Apple, which will protect them from a future infection.

  • Around 140,000 Apple machines still infected with Flashback malware, says Symantec

    by Edgar Alvarez
    04.18.2012

    By now, we're all quite familiar with the Java-driven trojan that's affected thousands of Apple's rigs, and while the numbers seem to have drastically dropped since the first Cupertino fix, there's still a plethora of machines carrying the bug. According to Symantec, the number of infected computers is now at around 140,000, seeing a decline of over 460,000 since April 9th. Still, the security outfit remains puzzled by the fact, as it expected the digits to be somewhere near the 99,000 mark by now. Perhaps this is due to some folks not even being aware of Flashback's existence, or maybe not checking for software updates as often as most of us. Either way, we hope you've already used one of the tools Apple handed you.

  • Apple issues Flashback removal tool for 10.7 Lion systems not running Java

    by James Trew
    04.14.2012

    The Flashback OS X trojan continues to cast a rainy shadow over Mac owners' sense of security, and even though a fix has been released, this was only for what Apple considered "the most common variants." Users of Lion, who don't have Java installed, weren't included in that initial run, but there is a new removal tool just for them. So, if you're running 10.7 and never installed Oracle's virtual machine, make sure you point your browser at the source link below.

  • Apple releases fix for Flashback malware

    by Donald Melanson
    04.12.2012

    It promised earlier this week that a fix was coming, and Apple has now delivered a Java security update that it says removes "the most common variants of the Flashback malware." That update also reconfigures the Java web plug-in to disable the automatic execution of Java applets by default (in Lion, at least -- those still on Snow Leopard are advised to do that themselves), although folks can re-enable that functionality if they choose. As usual, OS X users can download the update through the Software Update application.

  • Java for OS X 2012-003 update kills Flashback malware, available now

    by Steve Sande
    04.12.2012

    Just this morning we noted that Apple had not yet come out with a tool to kill the Flashback malware, and that Kaspersky and F-Secure had both developed their own free tools. This afternoon, Apple released Java for OS X 2012-003 to remove "most common variants of the Flashback malware." According to the update notes, the Java web plug-in is also configured to disable the automatic execution of Java applets -- that's another way to keep malware like Flashback from spreading. Apple says that "This update is recommended for all Mac users with Java installed." Note that the link about the update was not live at the time of publication, but was listed as http://support.apple.com/kb/HT5242. You can get the update directly from Software Update.

  • Flashback malware removal tools released by security firms

    by Michael Grothaus
    04.12.2012

    While Apple has said it "is developing software that will detect and remove the Flashback malware" that has affected up to 600,000 Macs worldwide, it has yet to release any fix. In lieu of that, a few security and antivirus firms have gone ahead and released their own Flashback removal tools. Kaspersky Lab, a Russian antivirus firm, has released the Flashfake Removal Tool. The firm asks that you first check here to see if your Mac is infected with Flashback. If your Mac is, then you can download Flashfake to rid your Mac of the malware. A second antivirus firm, F-Secure, has also released its own Flashback Removal Tool. Their tool works by creating "a log file (RemoveFlashback.log) on current user's Desktop. If any infections are found, they are quarantined into an encrypted ZIP file (flashback_quarantine.zip) to the current user's Home folder. The ZIP is encrypted with the password 'infected.'" Before Kaspersky Lab's and F-Secure's removal tools, users had to manually remove the malware by using OS X's Terminal, which some might have found confusing. There's no word from Apple yet on when its own removal tool will become available.

  • Apple publishes support page for Flashback malware, is working on a fix

    by Richard Lawler
    04.10.2012

    After the Flashback / Flashfake Mac trojan was exposed by Russian site Dr. Web, Apple has finally responded by publishing a support page about the issue and promising a fix. If you haven't heard by now, the malware exploits a flaw in the Java Virtual Machine, which Oracle pushed a fix for back in February, but Apple didn't patch until a botnet consisting of as many as 650,000 Macs was identified on March 4th. Antivirus maker Kaspersky has confirmed the earlier findings, and released a free tool affected users can run to remove the trojan from their computers. Other than the update already delivered for computers running OS 10.6 and 10.7, Apple recommends users on 10.5 and earlier disable Java in their browser preferences. What isn't mentioned, however, is when its fix is incoming or any timetable on its efforts with international ISPs to cut off the IP addresses used by the network. This is not the first time Macs have fallen prey to malware and, as their market share grows, will likely not be the last, so don't think just opting for OS X is automatically keeping you a step ahead security-wise. Check the links below for more information about what the malware does, and how to get rid of it.

  • How to find/remove the Flashback trojan

    by Kelly Hodgkins
    04.05.2012

    According to Russian antivirus firm Dr. Web, over 600,000 Macs worldwide are infected with the Mac Flashback trojan. The trojan can be installed if you visit a malicious website, and it will attempt to connect your Mac to a botnet. Fifty-seven percent of infected machines are located in the US and 20 percent are in Canada. There are even 24 infected machines supposedly connected to the botnet from Apple's Cupertino campus. This trojan targets a Java vulnerability in Mac OS X that was recently patched. It should be noted that in OS X 10.7 Lion, Java isn't included by default; only those who have deliberately installed it are potentially vulnerable to this exploit (or those running Snow Leopard or earlier OS X versions). If you installed it at some point but no longer have a reason to run Java, you should probably turn it off completely or at a minimum disable it in Safari. F-Secure has provided a set of diagnostics that'll let you know if you have been infected. If you have the malware on your machine, F-Secure's page can walk you through the steps to remove the infection. Thanks to everyone who sent this in. [Via The Loop]

  • OS X malware used to spy on pro-Tibetan charities, reminds us all to keep updated

    by Daniel Cooper
    03.30.2012

    Pro-Tibetan organizations that use Macs have discovered that their data has been accessed thanks to malware-based siphoning more commonly associated with Windows machines. Security expert Jaime Blasco revealed that two separate backdoor trojans can breach OS X if infected Word documents (yes, we know) or emails are opened. However, those who regularly keep up with security updates shouldn't be too concerned: both holes were patched before the end of last year, although that's scant relief for those whose privacy has already been infringed. [Thanks, Charles]

  • Macs are being spied on just like Windows machines

    by Kelly Hodgkins
    03.29.2012

    Any tech-savvy Windows user is familiar with the term backdoor trojan; either they've been infected with one themselves or know someone who has. Now, it's time for Mac users, especially those who work for entities that are targets for corporate or military espionage, to become more aware of this threat, says a report in Ars Technica. According to Ars, which spoke to Jaime Blasco of security firm AlienVault, two backdoor trojans that infect Mac computers have been discovered in the wild. These trojans target the employees of several non-governmental, pro-Tibetan organizations and exploit a security hole in Microsoft Office and Oracle's Java framework. The holes have been patched, but apparently the security fixes closing them were not applied in this infection. Once installed, the trojans send user and domain information to a central server owned by the people who created the malware. The trojans then sit in the background awaiting instructions. This is only one report of such targeted attacks, but Blasco believes this won't be the last. As companies and governments move from Windows to Macs to avoid security problems with Windows, it only makes sense that Macs will become the next target.

  • U.S. Department of Defense preps cyber rules of engagement, plans to work more closely with ISPs

    by Sean Buckley
    03.22.2012

    The Pentagon left no room for argument last year when it declared cyber attacks a potential act of war. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," a military official reportedly remarked. Yikes. Before we start bombing chimneys, however, the Department of Defense plans to draft up some relevant guidelines, noting in a recent House Armed Services Committee hearing that it will be delivering a set of cyberspace-specific rules of engagement in the coming months. "We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," said Madelyn Creedon, assistant secretary of defense for Global Strategic Affairs. In addition to setting ground rules for cyber-engagements, the DOD also plans to expand efforts to share classified information on possible threats with internet service providers and defense contractors.

  • PSA: Beware of malware-infected copies of Mari0

    by Jessica Conditt
    03.13.2012

    Some things are just too powerful for mankind to have in its power, such as Mari0, the Super Mario Bros./Portal crossover from Stabyourself.net. The development team has warned players that there is a version of Mari0 with malware circulating the net, and the only safe place to download the game is directly from Stabyourself.net, of course. Paradise comes at a price, people. Remember that and play safe.

  • Switched On: Mountain Lion brings iOS apps, malware traps

    by Ross Rubin
    02.26.2012

    Each week Ross Rubin contributes Switched On, a column about consumer technology. According to Wikipedia, the mountain lion, also known as the cougar, is distinguished by having the greatest range of any large wild terrestrial animal in the Western Hemisphere. Indeed, from what we've seen so far of Apple's forthcoming Mac operating system, its new features will likely find favor with a broader range of Apple users than Lion.