[Macworld]

Post your comments for Flashback botnet not shrinking, huge numbers of Macs still infected here

[TeaEarleGreyHot]

Well it sounds like someone's numbers are just incorrect. And I don't know anyone who's been hit by this malware.....

This post has been edited by TeaEarleGreyHot: 20 April 2012 - 01:47 PM

[Robert Bolin]

TeaEarleGreyHot, on 20 April 2012 - 01:47 PM, said:

Well it sounds like someone's numbers are just incorrect. And I don't know anyone who's been hit by this malware.....

That's been my complaint with this coverage all along, I've yet to meet someone who is infected but I keep getting opposite news from anti-virus vendors.

[FlopTech]

We're missing out on all the fun. Haven't even installed Java.

[macmanmk]

So says a Russian company with skin in the game...

[lwdesign]

So what does it mean "Dr. Web's numbers hint that all of that was in vain."? Is Dr. Web saying that Apple's fixes don't work? Or are the machines the trojan is on still don't have Apple's updates? This information doesn't make sense or give me any understanding of the situation. I've installed all the patches on 5 Macs running Leopard and Snow Leopard.

Like others, I don't know anyone who was actually infected, so where are these 650,000 Macs who are still trojaned, if indeed they really exist?

[Winski]

For those of you asking if this really exists, and questioning the legitimacy of the reports because you don't know anyone that has been hit, think about a few numbers:

- How many total possible target Macs are out there? Millions.
- What percentage of total Macs were hit? If there were 100m Macs, the amount would be .65%. I assume there are around 100 million Macs out there because Apple sold over 50m Macs since 2006 by my counts.
- How many Mac owners do you know? 1000? 2000? Even if you know 10,000 Mac users, you know only .001% of all Mac users. Even if you asked every one of those 10,000 users if they had been infected, do all of them know?
- The web site(s) which infected the Macs will determine what segment of the population is hit. If it's a Chinese or Russian site, how many of your friends would ever visit that site to get infected? Or if it's a p0rn site, would your friends admit it if they did?

So, putting all of that into perspective, you can't rely on your anecdotal evidence to state that the virus does or does not exist. You simply don't have enough information. I don't know anyone that has ever met Peyton Manning; therefore he does not exist. That's simply not the way it works.

Happy Friday one and all!

[LiquidD]

I talked to my father-in-law who informed me he hadn't updated his computer. Knowing how reckless he is, I asked if he heard about it and he said yeah, but dismissed it as false because "Macs don't have issues like that".

2 hours later I get a text that java malware was removed. He asked why I wasn't hit and I said plainly, I'm careful and smart about attachments and web sites. I also scan every once in a while. Honestly, it will fall on deaf ears.

He's the stereotypical Mac user that people get irritated with. Have a great weekend!

[MainMac]

lwdesign, on 20 April 2012 - 02:53 PM, said:

So what does it mean "Dr. Web's numbers hint that all of that was in vain."? Is Dr. Web saying that Apple's fixes don't work? Or are the machines the trojan is on still don't have Apple's updates? This information doesn't make sense or give me any understanding of the situation. I've installed all the patches on 5 Macs running Leopard and Snow Leopard.

Like others, I don't know anyone who was actually infected, so where are these 650,000 Macs who are still trojaned, if indeed they really exist?

There is no patch for this for Leopard, only Snow Leopard & Lion. Leopard is just as vulnerable as the day this virus came out.

Just because you don't know if anyone is infected is not to say you don't know anyone infected. An average user would have to see 100 or so average Macs to find an infected machine, and chances are the average computer you're seeing is more supported than the average Mac (many of which no technically savvy people see). Even the most severe viruses ever aren't common.

This post has been edited by MainMac: 20 April 2012 - 03:27 PM

[Nowheremankwkc]

Whats a MAC???

[gwysham]

"As [a] result, bots switch to the stand-by mode and wait for the server's reply and no longer respond to further commands. As a consequence, they do not communicate with other command centers,..."

So, really, they don't *know*. If none of those 600,000+ infected machines are communicating, even if they've been cleared of the trojan, it sounds like they're still counting them as infected...Or am I missing something?

[DocNo]

Robert Bolin, on 20 April 2012 - 01:49 PM, said:

That's been my complaint with this coverage all along, I've yet to meet someone who is infected but I keep getting opposite news from anti-virus vendors.

Yeah - interesting, that

[littledino]

Disable Java. Period. AND be careful of emails and sites, especially links. To be safe is to be aware and alert.

[whitedog]

LiquidD, on 20 April 2012 - 03:14 PM, said:

I talked to my father-in-law who informed me he hadn't updated his computer. Knowing how reckless he is, I asked if he heard about it and he said yeah, but dismissed it as false because "Macs don't have issues like that".

2 hours later I get a text that java malware was removed. He asked why I wasn't hit and I said plainly, I'm careful and smart about attachments and web sites. I also scan every once in a while. Honestly, it will fall on deaf ears.

He's the stereotypical Mac user that people get irritated with. Have a great weekend!

Numerous responses on this and other forums show how right you are. Denial seems to be the most common response to news of the Flashback trojan. That's not unusual in the face of a game changing event. But it is unfortunate as the game has indeed changed whether some people want to believe it or not. The halcyon days of the malware free Mac, if not utterly over, are clearly coming to an end. The success of the Flashback trojan - which appears to be ongoing - will provide ample encouragement to hackers and thieves everywhere.

In fact, the current model of Flashback takes particular advantage of the undefended Mac - which is probably most of them. To hide its operations as much as possible, it will not even install on a computer with security software present. For this reason, in proportional if not in absolute terms, Macs are more vulnerable to this exploit than Windows PCs, which, with a long history of being targeted by malware, are generally better protected by a more informed, or at least more wary, user base.

Users of older Macs are not left without recourse, however, despite Apple's lack of support. Some of the newer free versions of security software may not be available to them; if they aren't using the latest version of Snow Leopard, OS X 10.6.8, they won't have access to the Mac App Store where most of these are distributed. But ClamXav (http://www.clamxav.com/download.php) is still available directly from the developer with versions for older iterations of OS X. It should be noted that the App Store version of ClamXav, like other such software, lacks some of its most useful features due to store restrictions. I recommend getting it, or any other security software, from the developer's web site. And, of course, there are commercial (paid) products from numerous vendors that usually offer a wider range of protection, including Firewall protection beyond what is available in OS X alone, though at a not insubstantial price, which usually includes an annual renewal fee. Though ClamXav is free, the developers do accept donations which, I think, they very much deserve.