New, sneakier Flashback malware infects Macs
Ditches all attempts at duping users with social engineered tactics, exploits Java bug through drive-by attacks
Computerworld - A new, sneakier variant of the Flashback malware was uncovered yesterday by the French security firm Intego.
Flashback.S, which Intego described Monday, uses the same Java vulnerability as an earlier version that has infected an estimated 820,000 Macs since its appearance and still plagues over 600,000 machines.
But unlike Flashback.K, the variant that first surfaced last month and has caused consternation among Mac users, Flashback.S never asks the victim for an administrative password during installation. It relies solely on the silent exploit of the Java bug to get onto the system, so there is no dialog to tip off the user.
"The differences are very subtle," Peter James, a spokesman for Intego, said in an interview Tuesday. "There's no password request [by Flashback.S]."
Flashback.K used different infection tactics: even though it exploited the same Java vulnerability, identified as CVE-2012-0507, it also displayed the standard OS X password-request dialog. If users entered their password, the malware installed itself in a different location, where it was even harder to detect.
The hackers responsible for Flashback appear to be making money through click fraud, where large numbers of people are redirected to online ads not normally served by the site the user is viewing. The criminals receive kickbacks from shady intermediaries for each ad clicked.
The Java flaw used by both Flashback.S and the earlier Flashback.K was patched by Oracle in mid-February, but Apple, which at the time maintained its own edition of Java for OS X and was therefore responsible for shipping Java fixes to Mac users, did not issue its update until April 3, seven weeks later. That gap, not the bug itself, is what gave Flashback its window.
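Given that seven-week gap, the first thing a Mac administrator would have wanted was a quick way to tell whether a machine's Java runtime predates the fix. The script below is an added example, not code from the article, Intego or Apple. It assumes, per Oracle's February 2012 Critical Patch Update, that CVE-2012-0507 was fixed in Java SE 6 Update 31 (1.6.0_31) and Java SE 7 Update 3 (1.7.0_03), and that Apple's Java for OS X 2012-001 delivered 1.6.0_31; any other version numbering (Java 5, or the later "9.0.1"-style strings) is handled conservatively. The function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the article, Intego or Apple): decide whether a Java
# runtime version string carries the CVE-2012-0507 fix.
# Assumption: the fix shipped in Java SE 6 Update 31 (1.6.0_31) and
# Java SE 7 Update 3 (1.7.0_03). Anything newer than Java 7 is treated as
# fixed; Java 5 and earlier as not fixed.

# Print "<major> <update>" for strings such as 1.6.0_31, "1.7.0_03-b05"
# (quotes and build suffix tolerated) or 11.0.2 (no leading "1." prefix).
java_version_fields() {
    v=$(printf '%s' "$1" | tr -d '"')
    case "$v" in
        1.*) major=$(printf '%s' "$v" | cut -d. -f2) ;;   # legacy 1.x.y_u form
        *)   major=$(printf '%s' "$v" | cut -d. -f1) ;;   # 9+ form
    esac
    case "$v" in
        *_*) update=$(printf '%s' "$v" | sed 's/.*_\([0-9]*\).*/\1/') ;;
        *)   update=0 ;;
    esac
    # Strip leading zeros ("03" -> "3") so the numeric comparison is unambiguous.
    update=$(printf '%s' "$update" | sed 's/^0*\([0-9]\)/\1/')
    printf '%s %s\n' "$major" "$update"
}

# Exit 0 if the version includes the CVE-2012-0507 fix, 1 otherwise.
java_patched_for_cve_2012_0507() {
    set -- $(java_version_fields "$1")
    major=$1
    update=$2
    case "$major" in
        6) [ "$update" -ge 31 ] ;;
        7) [ "$update" -ge 3 ] ;;
        *) [ "$major" -gt 7 ] 2>/dev/null ;;
    esac
}

# Query the runtime on PATH. This only tells you about the command-line JVM;
# the browser plug-in is enabled or disabled separately in the browser.
check_local_java() {
    command -v java >/dev/null 2>&1 || { echo "no java on PATH"; return 2; }
    ver=$(java -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    if java_patched_for_cve_2012_0507 "$ver"; then
        echo "java $ver: includes the CVE-2012-0507 fix"
    else
        echo "java $ver: predates the CVE-2012-0507 fix (or version not recognised)"
        return 1
    fi
}

# Run the live check only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--local" ]; then
    check_local_java
fi
```

Run it as `sh check_java.sh --local` on the host in question; a non-zero exit means the runtime is pre-fix or unrecognised and needs attention. The version check is a necessary condition, not proof of health: a machine already infected through the drive-by stays infected after the update, which is why the removal step discussed below matters.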
Users are infected by Flashback.S simply by browsing to a compromised or malicious site; the tactic is called a "drive-by" because no user action is required beyond loading the URL. The page serves the Java exploit to the browser's runtime and the payload installs itself.
Some security experts have traced the Flashback infections to tens of thousands of hacked sites and blogs running WordPress.
Because Flashback.S uses different names for the files it drops on a Mac, and installs those files in a different location than Flashback.K, it's possible that the malware seek-and-destroy tool Apple released April 12, which was built around the earlier variant, won't eradicate the new one.
James said that Intego was not able to confirm whether Apple's tool removes Flashback.S.
It wouldn't be a surprise if Apple's tool did not eliminate Flashback.S: Last year, cyber criminals and Apple went several rounds over MacDefender, a family of fake antivirus programs that wriggled onto a large number of Macs. Several times, the hackers responded to Apple moves by modifying their tactics or code to sidestep just-deployed defenses.
Flashback is easily the most widespread and pernicious malware Mac owners have yet faced.
After a counting controversy, security companies last week agreed that the tally of infected Macs -- thought to have dropped to as low as 30,000 -- was in fact wrong, and that approximately 650,000 machines still harbored the malware.