Macworld Forums


Security experts: 600,000-plus estimate of Mac botnet likely on target

#1 User is offline   Macworld 

  • Story Poster
  • Group: MW Bot
  • Posts: 34,402
  • Joined: 30-November 07

Posted 06 April 2012 - 03:01 PM

Post your comments for Security experts: 600,000-plus estimate of Mac botnet likely on target here
0

#2 User is offline   LelandHendrix 

  • Member
  • Group: Macworld Insiders
  • Posts: 304
  • Joined: 06-February 10

  Posted 06 April 2012 - 04:33 PM

I agree--I suspect that the 600,00 number may have machines running other OSes counted as well.

It's a JAVA exploit, the same JAVA that runs on every supported platform.
1

#3 User is offline   lkrupp 

  • Member
  • Group: Macworld Insiders
  • Posts: 509
  • Joined: 30-December 04

  Posted 06 April 2012 - 05:25 PM

Because of the constant drone of these anti-virus companies predicting doom for Mac users unless we buy their product I will NEVER purchase anything from any of them. I will just live with ClamXav for better or worse.
0

#4 User is offline   cashxx 

  • Member
  • Group: Members
  • Posts: 146
  • Joined: 17-June 10

  Posted 06 April 2012 - 06:11 PM

I still say Dr Web is behind the malware. Usually the malware is from Russia or other places overseas and he is making headlines now and the only one with the data.
0

#5 User is offline   bsmith8900 

  • Newbie
  • Group: New Members
  • Posts: 4
  • Joined: 06-April 12

  Posted 06 April 2012 - 06:11 PM

No, this can't possibly be true. Macs don't get malware. Apple said so.
-1

#6 User is offline   Dotkhan 

  • Member
  • Group: Members
  • Posts: 98
  • Joined: 13-May 10

  Posted 06 April 2012 - 08:21 PM

The headline should be
Security "expert": 600,000 estimate of Mac botnet disputed
There is not agreement that the 600,000 reported by 1 source are all Macs and not another OS.
In a con game, an expert is a stranger that someone we trust has told us is knowledgeable on a subject.
0

#7 User is offline   doh123 

  • Member
  • Group: Members
  • Posts: 228
  • Joined: 14-February 06

  Posted 07 April 2012 - 04:34 AM

How do we verify the UUID info? We can't see the code? What if part of the botnet strategy was making random UUID info and not sending the actual one... then 1 computer could have seemed like thousands.
0

#8 User is offline   RLSp7ed 

  • Member
  • Group: New Members
  • Posts: 15
  • Joined: 27-July 11

Posted 07 April 2012 - 07:02 AM

lkrupp, on 06 April 2012 - 05:25 PM, said:

Because of the constant drone of these anti-virus companies predicting doom for Mac users unless we buy their product I will NEVER purchase anything from any of them. I will just live with ClamXav for better or worse.




Do you think ClamX is up to this particular job?
0

#9 User is offline   klahanas 

  • Veteran
  • Group: Macworld Insiders
  • Posts: 2,037
  • Joined: 01-March 10

Posted 07 April 2012 - 07:09 AM

LelandHendrix, on 06 April 2012 - 04:33 PM, said:

I agree--I suspect that the 600,00 number may have machines running other OSes counted as well.

It's a JAVA exploit, the same JAVA that runs on every supported platform.


It's a Java exploit that targets folders and files that are only present on a Mac. Thus it's Mac specific.
"One likes to believe in the freedom of music,
But glittering prizes and endless compromises
Shatter the illusion of integrity."

-Rush
0

#10 User is offline   k88dad 

  • Member
  • Group: Members
  • Posts: 590
  • Joined: 22-March 05

  Posted 07 April 2012 - 08:02 AM

Beyond conflict of interest, the reason that I find the number suspicious is because of the large number of things that this trojan checks for before activating. In addition to most well-known antivirus, it checks for both 2008 and 2011 versions of Microsoft Office. It also checks for Xcode and Little Snitch. I suppose that there are a lot of Macs not running one of the last two versions of Office. I wonder if trial versions count?
0

#11 User is offline   k88dad 

  • Member
  • Group: Members
  • Posts: 590
  • Joined: 22-March 05

Posted 07 April 2012 - 08:42 AM

klahanas, on 07 April 2012 - 07:09 AM, said:

LelandHendrix, on 06 April 2012 - 04:33 PM, said:

I agree--I suspect that the 600,00 number may have machines running other OSes counted as well.

It's a JAVA exploit, the same JAVA that runs on every supported platform.


It's a Java exploit that targets folders and files that are only present on a Mac. Thus it's Mac specific.

In all fairness, there are multiple versions of Flashback. It is not clear that the 600K number is referring only to the latest Mac flavor.
0

#12 User is offline   klahanas 

  • Veteran
  • Group: Macworld Insiders
  • Posts: 2,037
  • Joined: 01-March 10

Posted 07 April 2012 - 09:06 AM

k88dad, on 07 April 2012 - 08:42 AM, said:

klahanas, on 07 April 2012 - 07:09 AM, said:

LelandHendrix, on 06 April 2012 - 04:33 PM, said:

I agree--I suspect that the 600,00 number may have machines running other OSes counted as well.

It's a JAVA exploit, the same JAVA that runs on every supported platform.


It's a Java exploit that targets folders and files that are only present on a Mac. Thus it's Mac specific.

In all fairness, there are multiple versions of Flashback. It is not clear that the 600K number is referring only to the latest Mac flavor.

The 600K number is the latest Mac flavor, and was measured as such. Older variants of this malware are obsolete. To your point, which I will take as a "best case" scenario, see the link below.

http://www.securelis...otnet_confirmed


Excerpted from above link:

"We have used passive OS fingerprinting techniques to get a rough estimation. More than 98% of incoming network packets were most likely sent from Mac OS X hosts. Although this technique is based on heuristics and can’t be completely trusted, it can be used for making order-of-magnitude estimates. So, it is very likely that most of the machines running the Flashfake bot are Macs."
"One likes to believe in the freedom of music,
But glittering prizes and endless compromises
Shatter the illusion of integrity."

-Rush
0

#13 User is offline   k88dad 

  • Member
  • Group: Members
  • Posts: 590
  • Joined: 22-March 05

Posted 07 April 2012 - 09:20 AM

klahanas, on 07 April 2012 - 09:06 AM, said:

The 600K number is the latest Mac flavor, and was measured as such. Older variants of this malware are obsolete. To your point, which I will take as a "best case" scenario, see the link below.

http://www.securelis...otnet_confirmed


Excerpted from above link:

"We have used passive OS fingerprinting techniques to get a rough estimation. More than 98% of incoming network packets were most likely sent from Mac OS X hosts. Although this technique is based on heuristics and can’t be completely trusted, it can be used for making order-of-magnitude estimates. So, it is very likely that most of the machines running the Flashfake bot are Macs."

Thanks for the research. My main point is that Macworld is not including enough info in these articles. Let me rephrase my previous statement to: It is not clear from this article... Most of my knowledge on this is coming from a large number of websites that are not necessarily Mac-oriented.
0

#14 User is offline   FlopTech 

  • Member
  • Group: Members
  • Posts: 108
  • Joined: 31-January 12

Posted 07 April 2012 - 09:35 AM

lkrupp, on 06 April 2012 - 05:25 PM, said:

Because of the constant drone of these anti-virus companies predicting doom for Mac users unless we buy their product I will NEVER purchase anything from any of them. I will just live with ClamXav for better or worse.


Same here. Apparently the Flashback malware doesn't install itself if ClamXav or other anti-virus apps are already installed. To "avoid detection."

We use ClamXav, and we've donated to the developer.
0
