Tag Archives: Apple

Researchers Estimate 600,000 Macs infected by Flashback Trojan





For anyone who doubted that Apple’s long grace period with cybercriminals is over, doubt no more: On Friday, researchers at Russian antivirus firm Kaspersky confirmed findings from another security firm earlier this week that more than 600,000 computers running Mac’s OSX are infected with the Flashback botnet, and half of those machines are in the United States.


Krebs On Security

The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.



Kaspersky Lab

“The three month delay in sending a security update was a bad decision on Apple’s part,” said Kaspersky Lab’s Chief Security Expert, Alexander Gostev. “There are a few reasons for this. First, Apple doesn’t allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple’s standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough. Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time! The problem is exacerbated because – up to now – Apple has enjoyed a mythical reputation for being ‘malware free’. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security.”


DigiNotar SSL Certificate Hack

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
Published: August 29, 2011 | Updated: August 29, 2011

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.

Microsoft is continuing to investigate this issue and may release future updates to help protect customers.


V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.


Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.

The count is considerably higher than DigiNotar has acknowledged. Earlier this week, a company spokesman said that “several dozen” certificates had been acquired by the attackers.


Mac OS X can’t properly revoke dodgy digital certificates

Firefox and Thunderbird 6.0.1 released after the Mozilla team removed DigiNotar from their root program to protect users.

Backdoor Olyx

Microsoft Malware Protection Center

The recent emergence of rogue security software applications for Mac demonstrates how cybercriminals effectively use social engineering techniques to manipulate users’ responses – specifically, exploiting user’s fear of revealing sensitive information such as credit card details. This scare tactic evidently works regardless of the platform. While financial gain is primarily the motivation that drives elaborate schemes of Internet fraud, a threat that appears limited and specific to its target raises interesting questions about whether this threat is on a mission.


iTunes hack


iTunes hack goes global, new affected games identified

With Apple all but silent on the issue, it has been difficult to determine what may be the source of the problem. However, with the quantity of reports received now numbering over three dozen, a pattern has emerged: every game targeted is a free download, and the fraudulent charges are all due to in-app purchases.

For this reason, Betanews now has reason to believe that this particular hack affecting iTunes is likely sourced to an exploit existing in Apple’s in-app purchasing mechanism. It is the only similiarity between every report received.


iTunes hack widespread, and Apple appears to know about it

From the reports a pattern is emerging. Nearly every victim had a gift card balance on their account, and some have reported that their credit card and/or payment information had been removed from their account. This indicates that Apple likely is aware of the attacks, and is actively trying to protect its users.


Mac Malware

An AppleCare support rep talks: Mac malware is “getting worse”
By Ed Bott | May 18, 2011

Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as “crying wolf.” The view from inside an Apple call center says it’s for real:

I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.

I contacted this person and arranged an interview. I’ve edited our conversation to remove any details that might identify this individual or the call center location, but otherwise this is a verbatim transcript.


Apple Mac malware

Graham Cluley at Sophos.

There’s been a lot of discussion in the media recently about the threat that malware poses on the Mac OS X platform. It’s clearly an emotive subject, with strongly held views on both sides.

To help some of the discussions, here’s a brief overview of some of the malware we have seen infecting Apple computers. From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.


Apple OS X Spyware

Intego Security Alert

Malware: OSX/OpinionSpy
Risk: High
Description: Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs.
OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process.


Apple patches 58 bugs

Apple patched 58 vulnerabilities in its Mac operating systems Monday. http://support.apple.com/kb/HT3937

More than half of the vulnerabilities patched today, 32 out of the 58, were accompanied by the phrase “may lead to arbitrary code execution,” which is Apple’s way of saying that a flaw was critical and could be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle.


The latest Snow Leopard update kills support for the Atom processor in an attempt to prevent users from performing a “hackintosh” on their netbooks.