Apple Macs or any device running iOS can apparently get viruses through their browsers. That the latest word from Russian antivirus company, Dr. Web. This virus, the latest in a string of virus attacks aimed at phishing personal information from Apple aficionados computers, is alarming but not surprising,. After all, when you get more popular, you become a TARGET.
That’s the name of the Game, folks!
This latest attack, dubbed the Flashback Botnet, takes advantage of the fact that AppleMac users trust Java and Adobe a bit more that Apple would like. According to Dr. Web malware analyst Sorokin Ivan, the total number of infections was six hundred thousand (600,000) with (surprise!!) two hundred and seventy four (274) of them being in Cupertino, California. That’s right in the Heart of Apple Country and very close to Infinite Loop Drive, where Apple’s Corporate Headquarters is located.
In its previous incarnation the Flashback Botnet was first spotted in September 2011AD. Back then the Flashback Botnet masqueraded as a fake Adobe Flash update, for which Apple released a Java Update that seemed to work. However, on the 1st of April 2012AD (April Fools everyone!!) it resurfaced as an infected website and comes onto your iOS device via one of two routes:
- Requesting the Administrator Password and installing itself in the Applications Folder
- Installing itself into your User Accounts where it extracts information via infecting Web Browsers and other Applications running on your Mac
So now that Apple’s a target, how do you protect yourself from getting viruses in crossfire?
Here’s a few handy tips:
- Ditch Adobe Reader, as it’s the source of Security problems in the infections thus far. The malware authors merely take advantage of the weaknesses in this software to infect Apple Macs, an indication of the strength of the Apple OS and IOS. Apple already can read PDF just fine without Adobe Reader and even on my Personal PC, I’ve ditched Adobe a long time ago
- Get rid of Java and Flash, again due to the above vulnerabilities in Adobe and anything Java (sorry Oracle and Sun Microsystems!!). This however means being unable to watch flash Videos and playing Java based games online. Not to worry: use Google Chrome as it has Flash and Java built in and updates automatically
- Stay on top of software updates as they may contain security fixes. This is especially true if you’ve decided to ignore my above device and keep Adobe and Java – at your peril of course
- Create a non-admin account for browsing. This is the main purpose of the above attack, as it quite easily and barefacedly requests your password. Use Admin only when you have work to do on the System. Ditto for PC users as well!
- Take control of your passwords using Keychain, Apple’ built-in password manager. Use LastPass or 1Password as third-party options to handle your passwords for your various Applications and accounts.
- Finally (gulp!) I never thought I’d have to say this, Mac users, but (gulp!) getting a good freeware security program like Avast (love that talking antivirus!), Sophos, Kaspersky or even a basic link scanner such as AVG Link Scanner to check links online (albeit Avast does the same thing already!!) is a great free way to protect and detect freeware.
That’s it folks.
Follow these tips and you’ll be online. And if all else fails, a PC running a Fedora Linux Distribution isn’t so bad as it sounds, as it’s now apparent that Macs can get virus’ too.
Here’s the Link(s)
LastPass for Mac
1Password for Mac
Avast for Mac
Sophos for Mac
AVG Link Scanner