Russian researchers have discovered a botnet of more than 600,000 Macs. Yes, Macs -- you know, those things that don't get malware. Apple (NASDAQ:AAPL) is coming under heavy criticism for its slow response to known vulnerabilities and for perpetuating the myth that OS X is malware-free. In IT Blogwatch, bloggers rush to grab the update.
[Update 3: Is the number accurate? Why is this a big deal? What's the botnet doing?]
By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Almost gliding an Airbus into LAX...
Dan Moren reports in measured tones:
It can now infect your computer from...a visit to a website. ... The latest variant...takes advantage of a weakness in Java SE6...CVE-2012-0507, allows the malware to install itself from a malicious website...without needing the user to enter an administrator's password.
Apple has long been criticized for lagging...when it comes to updating Java for security patches.
...[But] there's no need for widespread panic.
Er, Dave Neal says it is time to PANIC:
[A] botnet...has hijacked an impressive 600,000 infected Macs. ... Infected web sites...range from some related to films through streaming television services to something called Gangstasparadise.
...[T]here might be four million compromised web pages...and cases of infection when visiting dlink.com.
The anonymous Russian gnomes at Dr. Web measured the botnet:
Attackers began to exploit [these] vulnerabilities to spread malware in February 2012. ... The vulnerability has been closed by Apple only on April 3. ... Most infected computers reside in the United States (56.6%)...Canada comes second (19.8%)...the third place is taken by the United Kingdom (12.8%)...and Australia with 6.1%...is the fourth.
...Mac users [should] download and install a security update released by Apple from support.apple.com/kb/HT5228.
Brian Krebs has strongly-worded criticism of Apple:
Apple stopped bundling Java by default in...Lion, [but] it offers instructions for downloading and installing [it] when users access webpages that use it.
...I can't stress this point strongly enough: If you don't need Java, remove it from your system. ... Apple maintains its own version of Java, and [is] unacceptably far behind Oracle in patching critical flaws. ... [Its] lackadaisical...response to patching dangerous security holes perpetuates the harmful myth that Mac users don't need to be concerned about malware.
And Adrian Sanabria backs him up:
Despite what Apple...would have you believe, Macs are not invulnerable...malware targeting OS X does exist. ... [The] operating system isn't a panacea when it comes to security - only less targeted. Until now.
...[If] accurate, such a large infection rate on Macs may change common perception of OS X as "virus-proof."
Update: Philip Elmer-DeWitt eats, if not crow, then some sort of dark-colored avian fauna:
Having written several times...about the relative security of Apple's...operating systems...I feel obliged to report that Mac OS X is under...the most serious malware attack to date.
Meanwhile, Mike Magee's minions mostly mock Macs:
Apple users will be suffering a crisis of faith, as...its faith-based security system failed to prevent [this].
...[H]apless Mac users...have mostly been twiddling their thumbs, satisfied with the impenetrable fortress...that Apple's machines are, for some reason, perceived to be.
Update 2: Dave Schroeder defends against the schadenfreudenistas:
[No] sensible person ever said "Macs don't get infected." ... It's just a lot less likely...even accounting for differences in marketshare.
Macs, as a whole, are indeed "more secure", in that still, to this day, you are far less likely...to become impacted with any malware than with Windows. Maybe someday this will change. ... The fact that single instances of Mac malware get so blown out of proportion, still, is ridiculous.
...The same advice and best practices for avoiding malware apply to Macs...and Mac users would do well to run current AV software.
F-Secure's Mikko Hypponen...had some reservations about the numbers...[but] today said he confirmed...that they did count actual PCs, not IP addresses. ... Flashback uses a unique hardware-based User-Agent in its requests.
Why is FlashBack important? ... Because unlike older Mac malware, it does not require any user interaction to infect. ... The key difference...is it uses exploits as opposed to just fooling you into typing in the root password. ... It's the first mass infection where Mac users are infected...[by] drive-by downloads.
...And what does Flashback actually do? ... [It's] hijacking Google search results...the Trojan manipulates Google search results returned to the infected Mac [to] generate cash...through referral programs.
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch, for which he has won ASBPE and Neal awards. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can read Richi's full profile and disclosure of his industry affiliations.