The recent outbreak of the Flashback trojan infected over half a million Macs at its peak in just a matter of weeks. The extent of the infection highlighted just how much catching up Apple has to do to get their security up to speed.
But it's not just Apple who's to blame here. The users themselves have the responsibility to keep their units updated by downloading updates and security patches as they are released.
Russian security company Dr. Web has just recently published its findings after investigating Macs that were infected with Flashback. In their blog post, Dr. Web explained how the trojan operated.
BackDoor.Flashback.39 connects to a control server, downloads an executable onto the infected machine and installs it in the system. At this moment the Trojan brings up a dialogue window prompting the user to enter an administrator password.
If the user does enter the password, the malicious program runs with elevated privileges, but even if they don't, the Trojan will be saved in the user's home directory and launched with the current user permissions
-- Dr. Web
Aside from that, Dr. Web also revealed that a large percentage of the infected computers were either running on older versions of OS X or missing a number of security updates. Of the infected machines, 25 percent were running 10.5 (Leopard), 63.4 percent were on 10.6 (Snow Leopard), and 11.2 percent were running 10.7 (Lion).
Lion is the latest release in OS X, which had low numbers, primarily because the Java hole that the worm exploited was only included in Leopard and Snow Leopard.
Here's some further breakdown of the data:
- 24 percent of the infected Macs running Snow Leopard had missed at least one update, and of these, 10 percent had missed 3 or more major updates.
- 28 percent of the infected Macs running Lion had skipped at least one update.
The moral of the story? Download security updates, patch your computers, and try to update your OS at least once every few years.
Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices