DazzyD
20-05-2012, 09:50 PM
Despite the title I've chosen for the thread, I'm not about to get in to the Mac vs PC (or even Mac users vs PC users) debate as that is just a bit of rival banter and this subject is serious and could cause serious issues for Mac/Apple users.
Although there have a been a few sporadic malware attacks that have targeted the Apple community in the last couple of years, there's a new bad boy in town and he's already infected lots of machines. In fact, one security firm is suggesting that around of 12% of UK Mac/Apple devices have already been infected and the infection is spreading. And it needs to be stopped. Now, the one thing that is letting it spread is the cavalier attitude of the average Mac/Apple user with regards to security. They commonly hold the belief that Apple products are immune to attack due to the fact that Apple control every aspect of the OS, and not allowing third parties to mess with it, that Apple OS is watertight. Well, as the head of one computer security firm has stated "2012 will be remembered as the year Apple Mac was cracked."
This might sound like the trailer to a film but it's not. It's real. The threat comes from trojan "Backdoor.Flashback.39". It's been infecting Apple devices (not just Macs but also iPhone and iPad) for a while but, because of the scale of the attack, it's only started to get noticed recently. It exploits a flaw in Java which lets the hackers get root level access to the device and can monitor the user's activity and then send the results back to the hacker. It can identify and harvest bank details, passwords, even secret question answers such as the user's mother's maiden name. This information can make a lot of money for the hackers and cause a lot of problems and stress for the victim. And, if this doesn't sound bad enough, the worst part is just how it infects a device. It works by installing malicious code in a "drive-by attack". This means that a device can be infected just by a user visiting a compromised website that has been hacked and the code embedded in the webpage code. The user doesn't even need to download or click anything for the problems to start. So the user won't even know they've been infected until it's too late.
So, what action do Mac/Apple users need to take? First of all, a change in attitude as their devices are now vulnerable to attack on a scale never even imagined before. Then, they need to take precautions. Oracle (the producers of Java) and Apple have realised a patch to fix the loophole that let's the trojan in. Make sure that Java has been updated to the very latest version - this is secure. Then, you need to get some protection. If you don't have any anti-virus software then get some! Norton Anti-Virus 12 for Mac is a recommended software suite or, if you're tight ;) then there's a free alternative at:
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx.
I'm not a Mac or Apple user so I can't make detailed recommendations. However, as I've mentioned before, I am an internet security advocate who is very active in the movement to combat internet and computer security threats, internet scams and criminal fraudulent activity (and have been since the days of BBSs!). So, I will pass on my knowledge where I can.
Sources of knowledge include:
http://nakedsecurity.sophos.com/
http://safeandsavvy.f-secure.com/
http://news.drweb.com/?i=2415&c=10&lng=en&p=0
As with any threat, the biggest threat is naivity. So, share this knowledge with your Apple/Mac-owning friends, family and colleagues and help make the internet a safer place!
Although there have a been a few sporadic malware attacks that have targeted the Apple community in the last couple of years, there's a new bad boy in town and he's already infected lots of machines. In fact, one security firm is suggesting that around of 12% of UK Mac/Apple devices have already been infected and the infection is spreading. And it needs to be stopped. Now, the one thing that is letting it spread is the cavalier attitude of the average Mac/Apple user with regards to security. They commonly hold the belief that Apple products are immune to attack due to the fact that Apple control every aspect of the OS, and not allowing third parties to mess with it, that Apple OS is watertight. Well, as the head of one computer security firm has stated "2012 will be remembered as the year Apple Mac was cracked."
This might sound like the trailer to a film but it's not. It's real. The threat comes from trojan "Backdoor.Flashback.39". It's been infecting Apple devices (not just Macs but also iPhone and iPad) for a while but, because of the scale of the attack, it's only started to get noticed recently. It exploits a flaw in Java which lets the hackers get root level access to the device and can monitor the user's activity and then send the results back to the hacker. It can identify and harvest bank details, passwords, even secret question answers such as the user's mother's maiden name. This information can make a lot of money for the hackers and cause a lot of problems and stress for the victim. And, if this doesn't sound bad enough, the worst part is just how it infects a device. It works by installing malicious code in a "drive-by attack". This means that a device can be infected just by a user visiting a compromised website that has been hacked and the code embedded in the webpage code. The user doesn't even need to download or click anything for the problems to start. So the user won't even know they've been infected until it's too late.
So, what action do Mac/Apple users need to take? First of all, a change in attitude as their devices are now vulnerable to attack on a scale never even imagined before. Then, they need to take precautions. Oracle (the producers of Java) and Apple have realised a patch to fix the loophole that let's the trojan in. Make sure that Java has been updated to the very latest version - this is secure. Then, you need to get some protection. If you don't have any anti-virus software then get some! Norton Anti-Virus 12 for Mac is a recommended software suite or, if you're tight ;) then there's a free alternative at:
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx.
I'm not a Mac or Apple user so I can't make detailed recommendations. However, as I've mentioned before, I am an internet security advocate who is very active in the movement to combat internet and computer security threats, internet scams and criminal fraudulent activity (and have been since the days of BBSs!). So, I will pass on my knowledge where I can.
Sources of knowledge include:
http://nakedsecurity.sophos.com/
http://safeandsavvy.f-secure.com/
http://news.drweb.com/?i=2415&c=10&lng=en&p=0
As with any threat, the biggest threat is naivity. So, share this knowledge with your Apple/Mac-owning friends, family and colleagues and help make the internet a safer place!