First Major Outbreak of Mac OS X Trojan: a Turning Point?

Last week the blogosphere nearly exploded (see here, here, here and here for only a few examples) with the news of the Flashback trojan, creating a botnet of nearly 600,000 Apple machines. Getting your machine infected is as easy as surfing to a bogus website containing the malware, which installs itself using an exploit in Java. This technique is called a drive-by download. There is no need for you to enter your admin credentials. It’s even worse: the malware will install itself without you noticing it at all. Pretty scary if I may say so.

If you want to know if your Mac is infected with the Flashback trojan, then check out this page on F-Secure’s website to find out and follow the removal instructions if you do find it on your machine.

To make your Mac less vulnerable for this kind of malware attack, I recommend checking out Khürt Williams’ post who explains how to turn off Java in Safari and on OS X level. This makes very much sense when you are not a software developer who has to deal with Java on a daily basis. If you use an other browser like Google Chrome or Firefox, then check out this page for instructions. Khürt also advises to uninstall Adobe’s Flash plugin. This is one bridge too far for me at the moment, but it certainly is a good idea.

A lot of people consider the outbreak of Flashback as a turning point for the Mac platform. Mac users should face it that they are not ‘forgotten’ anymore by malware writers and should install anti-virus protection, just as the majority of Windows users does nowadays. Check this post on AskDifferent.com for a list of anti-virus solutions for the OS X platform.

Update April 11th, 2012: Apple works on software to release the Flashback malware from infected Macs and is working with ISPs worldwide to bring down the botnet’s command & control servers. Read more about this on arstechnica.com.

Microsoft’s Latest Security Intelligence Report from 2011

Some interesting quotes from Ars Technica’s summary of Microsoft’s latest Security Intelligence Report (linked below). The first one talks about spam volumes. We’re talking about billions of messages a month here, which is mind-boggling if you try to imagine this.

Microsoft … attributes the drop [in spam volumes] primarily to the “takedowns of two major botnets: Cutwail, which was shut down in August 2010, and Rustock, which was shut down in March 2011 following a period of dormancy that began in January.” Consequently, the biggest drops in e-mails blocked occurred in September 2010, when spam dropped to about 65 billion messages, and in January 2011, when it fell under 40 billion. The low point was in May 2011, with about 22 billion, but it ticked up again in June.

The next quote is about Java, and it’s not really good news for Java:

The most commonly observed exploits target vulnerabilities in Java, specifically the Java Runtime Environment, Java Virtual Machine, and Java SE in the Java Development Kit. “Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters,” Microsoft said.

For more details and some interesting graphs, visit the link below.

Link : ars technica – Microsoft finds 64 billion fewer spam messages per month after …

Google Is Not Giving up Easily in Java/Android Lawsuit

My guess is that this lawsuit is going to take a very long time to come to a conclusion…

Google has filed a response to Oracle’s lawsuit filed in August, denying infringement on any of Oracle’s intellectual property. The company not only argued that it had not crossed any of Oracle’s patents, but even if it did, the patents should be ruled invalid and unenforceable. Additionally, Google said that Oracle shouldn’t be pointing fingers, as Oracle itself is practicing double standards when it comes to the open sourcing of Java.

Oracle originally accused Google of both patent and copyright infringement over its heavy use of Java in the Android software development kit. At the time, an Oracle spokesperson stated flatly that Google “knowingly, directly, and repeatedly infringed Oracle’s Java-related intellectual property” when developing Android.

According to Google, those accusations are completely baseless, and the company takes things a step further by pointing out that the “open source” nature of Java isn’t quite so open source after all thanks to Sun. Basically, Google argues that Sun had released much of the source code for Java 2 SE under the GPLv2, which “contributed to its widespread acceptance among software developers,” but that the company later required developers to demonstrate compatibility with specific Java requirements in order to obtain a license.

Link : ars technica – Google opens up can of open source worms in Oracle Java suit