Mac - over 600 thousand infected machines
#13
I didn't quote it, but I also read reports that this is probably the largest infection on the Mac... even Mac Defender, with its number of variants last year, was not as dangerous or widespread... what's more, there were even claims that 1 in 100 computers running OS X is infected, which works out to about 1% of all machines in the world - for comparison, the largest infection on Windows was, I think, an estimated "mere" 0.7%.
Why is this trojan so dangerous on top of that... just a few quotes about it and about the Mac system in general and Apple's policy
Quote: Flashback was initially discovered in September 2011 masquerading as a fake Adobe Flash Player installer. A month later, a variant that disables Mac OS X antivirus signatures updates was spotted in the wild.

In the past few months, Flashback has evolved to exploiting Java vulnerabilities. This means it doesn’t require any user intervention if Java has not been patched on your Mac: all you have to do is visit a malicious website, and the malware will be automatically downloaded and installed.

Another variant spotted last month asks for administrative privileges, but it does not require them. If you give it permission, it will install itself into the Applications folder where it will silently hook itself into Firefox and Safari, and launch whenever you open one of the two browsers. If you don’t give it permission, it will install itself to the user accounts folder, where it can run in a more global manner, launching itself whenever any application is launched, but where it can also be more easily detected.

Quote: Macs are not immune. For years Apple owners have been told that Macs don’t get viruses, but we know that’s not true. And Apple’s casual approach to security updates makes them arguably more vulnerable to this sort of attack than other platforms. Like all operating systems, OS X has its share of vulnerabilities that can be exploited. In that May 2011 post, I looked at a single OS X update, which repaired 23 separate vulnerabilities:

Every one of the vulnerabilities in the April update had existed in OS X for a minimum of 18 months before being patched. Every entry on that list was capable of executing hostile code on an unpatched system with little or no user interaction. If an attacker develops a successful exploit of one of those vulnerabilities, your system can be compromised, silently and with deadly effect, if you simply download a document, view a movie or image, or visit a website.

That’s an awfully big window of opportunity. And that pattern is found in other OS X updates.

Third-party software is an ideal vector. The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn’t get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java.

Security expert Brian Krebs points out that this behavior by Apple is sadly typical:

Apple maintains its own version of Java, and as with this release, it has typically fallen unacceptably far behind Oracle in patching critical flaws in this heavily-targeted and cross-platform application. In 2009, I examined Apple’s patch delays on Java and found that the company patched Java flaws on average about six months after official releases were made available by then-Java maintainer Sun. The current custodian of Java – Oracle Corp. – first issued an update to plug this flaw and others back on Feb. 17. I suppose Apple’s performance on this front has improved, but its lackadaisical (and often plain puzzling) response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware attacks.

Similar recent attacks have successfully targeted vulnerabilities in Word on Macs. And there’s no reason not to expect attacks against other vulnerabilities in other popular third-party products like Adobe Reader and Skype.

Older Macs are especially vulnerable. According to the latest Net Market Share data, 17% of Macs worldwide are running Leopard (OS X 10.5) and Tiger (OS X 10.4), older versions of OS X that are no longer officially supported. The Java update that blocks this exploit is available for Leopard, but at least one Leopard user I spoke with says it hasn’t been offered to his Mac via Apple Software Update. The last Java update offered to users of these older Mac versions was in June 2011.

Quote: What exactly is Flashback?
Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications such as Skype. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnations, the software can install itself without user interaction.
(...)
How did it infect so many computers?
The simple answer is that the software was designed to do exactly that. In its initial incarnation, the malware looked very similar to Adobe's Flash installer. It didn't help that Apple hasn't shipped Flash on its computers for well over a year, arguably creating a pool of users more likely to run the installer in order to view popular Web sites that run on Flash. In its newer Java-related variants, the software could install itself without the user having to click on anything or provide it with a password.
(...)
What has Apple done about it?
Apple has its own malware scanner built into OS X called XProtect. Since Flashback's launch, the security tool has been updated -- two times now -- to identify and protect against a handful of Flashback variants.

A more recent version of the malware, however, got around XProtect by executing its files through Java. Apple closed off the malware's main entry point with a Java update on April 3.

Of note, the Java security fixes are only available on Mac OS X 10.6.8 and later, so if you're running OS X 10.5 or earlier, you will still be vulnerable. Apple has stopped supplying software updates for these operating systems.

Quote: Here's how Apple's silence on security contributes to the problem:

Apple doesn't allow Oracle to patch Java. The latest round of malware could have been avoided with faster patching. Since Apple likes to control its patching it is often behind. The window of exposure on the Mac platform is longer. The easy fix here is to let Oracle do the patching.

Apple has a rudimentary antivirus update utility that's updated with signatures only when there's a big enough threat. Apple knew about Flashback, which has been pointed out by security researchers, but didn't ship an update.

Apple users have no idea if they are infected and don't know how to search. Why would they know? Apple has told them there are no viruses on the Mac. This false sense of security is the primary reason Apple needs to start talking. Apple users are smug about security.

Anti-virus vendors can't provide protection to the Mac because users don't think they are needed.

Security industry insiders have known the Mac platform has its holes, but Flashback is the first in-the-wild issue that's confirmed and big. More will follow unless Apple becomes more proactive.

Finally, for those who don't know that the Mac was never really entirely secure

"Security is a journey, not a destination in itself - it is not a problem that can be solved once and for all"
"Trust is not a control, and hope is not a strategy"


Messages in this thread
Re: Mac - over 600 thousand infected machines - by Eugeniusz - 07.04.2012, 13:42
Re: Mac - over 600 thousand infected machines - by ktośtam - 07.04.2012, 14:19
Re: Mac - over 600 thousand infected machines - by ichito - 07.04.2012, 16:03
Re: Mac - over 600 thousand infected machines - by ktośtam - 08.04.2012, 15:40
Re: Mac - over 600 thousand infected machines - by andrzej76 - 10.04.2012, 08:03
Re: Mac - over 600 thousand infected machines - by ktośtam - 10.04.2012, 09:24
Re: Mac - over 600 thousand infected machines - by Eugeniusz - 10.04.2012, 12:20
