First Major Outbreak of Mac OS X Trojan: a Turning Point?

Last week the blogosphere nearly exploded (see here, here, here and here for only a few examples) with the news of the Flashback trojan, creating a botnet of nearly 600,000 Apple machines. Getting your machine infected is as easy as surfing to a bogus website containing the malware, which installs itself using an exploit in Java. This technique is called a drive-by download. There is no need for you to enter your admin credentials. It’s even worse: the malware will install itself without you noticing it at all. Pretty scary if I may say so.

If you want to know if your Mac is infected with the Flashback trojan, then check out this page on F-Secure’s website to find out and follow the removal instructions if you do find it on your machine.

To make your Mac less vulnerable to this kind of malware attack, I recommend checking out Khürt Williams’ post, which explains how to turn off Java in Safari and at the OS X level. This makes a lot of sense if you are not a software developer who has to deal with Java on a daily basis. If you use another browser, such as Google Chrome or Firefox, then check out this page for instructions. Khürt also advises uninstalling Adobe’s Flash plugin. That is one bridge too far for me at the moment, but it certainly is a good idea.

A lot of people consider the outbreak of Flashback a turning point for the Mac platform. Mac users should face the fact that malware writers no longer ‘forget’ them, and should install anti-virus protection, just as the majority of Windows users do nowadays. Check this post on AskDifferent.com for a list of anti-virus solutions for the OS X platform.

Update April 11th, 2012: Apple is working on software to remove the Flashback malware from infected Macs and is working with ISPs worldwide to bring down the botnet’s command & control servers. Read more about this on arstechnica.com.

Microsoft’s Latest Security Intelligence Report from 2011

Some interesting quotes from Ars Technica’s summary of Microsoft’s latest Security Intelligence Report (linked below). The first one is about spam volumes. We’re talking about billions of messages a month here, which is mind-boggling if you try to imagine it.

Microsoft … attributes the drop [in spam volumes] primarily to the “takedowns of two major botnets: Cutwail, which was shut down in August 2010, and Rustock, which was shut down in March 2011 following a period of dormancy that began in January.” Consequently, the biggest drops in e-mails blocked occurred in September 2010, when spam dropped to about 65 billion messages, and in January 2011, when it fell under 40 billion. The low point was in May 2011, with about 22 billion, but it ticked up again in June.

The next quote is about Java, and it’s not really good news for Java:

The most commonly observed exploits target vulnerabilities in Java, specifically the Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit. “Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters,” Microsoft said.

For more details and some interesting graphs, visit the link below.

Link: ars technica – Microsoft finds 64 billion fewer spam messages per month after …