Apple Acknowledges Flashback, Seeks Heads
April 11, 2012

Michael Harper for

Less than 5 days after the news broke of a new malware threat to Macintosh computers, Apple has not only acknowledged the issue, but has also announced they plan to attack it head on.

Russian security and anti-virus software maker Dr. Web made news last week when it announced the return of an old threat, the Flashback malware Trojan, with more than 600,000 infected Macs. Dr. Web also noted there were 274 infected Macs at Apple's own headquarters in California.

The Flashback malware took advantage of a vulnerability in Safari's Java in order to install itself on the computers. Once there, it took control of the computer, adding it to a global botnet of more than 600,000.

Yesterday, Apple released a support forum entry on their website entitled: “About Flashback malware.” In it, they said they had released a Java update meant to fix this vulnerability a few days before the news of the botnet broke and encouraged users to install these updates. They also listed plans to develop software to detect and remove the Flashback malware from any infected Mac.

In addition to repairing the vulnerability and developing software to find and remove the malware, Apple also announced they were going straight for the malware authors themselves in an attempt to choke off these threats from the source. In an aggressive move, Apple said they were “working with ISPs worldwide to disable this command and control network,” according to their post.

While this sounds like good news to Mac users, some are put off by the way Apple is moving forward in this matter.

Dr. Web's chief executive Boris Sharov says Apple never responded when his firm alerted them to the botnet. Furthermore, Apple is now focusing their “command and control” attempts on a Russian domain used by Sharov's team to discover the botnet. Speaking to Forbes, Sharov said, “They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users. This seems to mean that Apple is not considering our work as a help. It's just annoying them.”

Though he believes trying to shut down the monitoring server was an “honest mistake,” Sharov says this action is indicative of a very hush-hush attitude at Apple.

“We've given them all the data we have,” he says. “We've heard nothing from them until this.”

Due to their tight-lipped culture, Apple has often been criticized for not responding to threats such as these quickly enough. Oracle released a patch for this Java vulnerability in February. Apple didn't release their patch until earlier this month.

“Their response should have been much earlier when they should have updated their Java,” says Sharov. “Now calling registrars to shut down domains is not as important. The infection has already taken place. There are dozens of domains [controlling] the botnet. Shutting down one does nothing.”

The news of the massive Mac infection has served as a sobering reminder to Apple users the world over. Though Macs have a reputation for being less likely to be attacked and infected with a virus, they have by no means been less vulnerable. As Macs grow in popularity and earn more of the share of the computer market, it may behoove Apple to look to security firms such as Dr. Web for help in identifying and squelching possible threats.