Apple's Flashback Trojan tool fixes nothing
As if there isn't problem enough, with Apple giving Mac users a false sense of security. Now security software vendors do it, too. Earlier in the week, Symantec reported that the number of Flashback-infected Macs had fallen to 140,000 -- that's from as many as 700,000 by Kaspersky Lab's reckoning. But yesterday, Dr. Web put the number at 500,000, leading Symantec to acknowledge low reporting of actual infections.
The revelation -- and it most certainly is -- comes more than a week after Apple released a security update designed to remove the Flashback Trojan, which also is called Flashfake. Half-a-million compromised Macs, tied together as a botnet, is the tipping point for Apple computers. Apple and its security software partners must rally quick, to kill this beast before it bursts the fragile dike protecting the Mac user community from the tsunamis that occasionally wash across the Windows world. This the turning point, where OS X joins Windows as a platform aggressively targeted by cybercriminals.
Mr. Gates' Neighborhood
People have talked about this tipping point for years, but it never came -- creating yet another false sense of security (damn there are so many). This is the time, should the Flashback botnet flourish -- or even just persist. As I expressed last week, before Apple released the security fix: "Botnets this size are self-propogating. Cyberciminals can use a large botnet to attack and infect other computers. Can this one be taken down?" No is the worst possible answer to the question.
For years, I've heard pundits of every kind claim that cybercriminals largely attack Windows over Macs because of the large number of users. One day, should Apple PC market share increase, they argued, Macs would become targets. That thinking is a load of horse poop.
The problem started first by design. Microsoft developed Windows before the popular, public Internet and designed early networking and other features for the corporate network. The simple concept: Make sharing as easy as possible. Years ago, I referred to Windows and supporting productivity apps like Office as Mr. Gates' Neighborhood, playing off the public television kids program Mr. Rogers' Neighborhood. It was a safe place, where people had no locks on their doors or windows and even connected their homes (think of that as Microsoft cross-integrating features). But then the big city -- the Internet -- grew up around the safe neighborhood. Suddenly, those lockless doors and windows and interconnected homes were a liability. Anywhere criminals could get in, they freely moved everywhere.
A decade ago, Microsoft cofounder Bill Gates made security the company's number one priority. Microsoft changed the way it develops software, took an aggressive and proactive approach to security fixes and put in locks, so to speak. But securing the Windows ecosystem was a slow process -- and still is. End users didn't change their behavior right away.
Meanwhile, cybercriminals assailed Windows with great success, creating vast botnets of infected PCs to advance their activities. This is hugely important to understand. Windows isn't the larger target because there are more PCs running the operating system. Cybercriminals succeeded creating botnets early on that are persistent, and they will continue to be unless one thing changes rapidly in the Wintel market: XP.
Botnet Backbones
Windows is quite a secure operating system today. But the majority of the install base uses Windows XP, which shipped long before Gates made security Microsoft's top priority. Granted, Service Pack 2's release in 2004, did much to improve Windows XP's security architecture. But escalated user privileges, among other features, make XP considerably more vulnerable to malware attacks than Windows Vista or 7. It's explosive when mixed with careless, or simply stupid, user behavior.
Windows botnets are the backbones of cybercriminal activity. They spread spam and phishing email, mask cybercriminal's IP identities and steal personal information on massive scales. Botnets are the ground forces in a global attack against Internet users. Their persistence is devastating.
In March 2011, Microsoft and law enforcement took down the Rustock botnet, which had operated since 2006. Global spam volumes fell by 40 percent following the takedown. Even then, with the head and tail cut off the beast, Rustock's body persisted, with the botnet still about half its size, based on infected IPs, three months later.
As the market slowly moves off XP, Windows botnets are threatened. How much depends on many factors, such as user behavior and development of new attack vectors. Cybercriminals need to look somewhere else, and OS X is easy pickings (same can be said of Android and iOS) since most users don't install anti-malware and a false sense of security leads many to take unnecessary risks.
The Flashback botnet is a huge concern. If not reduced or eliminated quickly, it will spread more Mac malware and lead other cybercriminals to increase their attacks against the OS X platform. If you look at the rise of cyber attacks against Windows there is more correlation to botnets' reach than number of Wintel PC users (that's hard data I'll put together some other time -- it is Saturday!).
This is the turning point, if Flashback is unchecked. Not because Mac market share has increased or OS X is any more vulnerable to exploitation than Windows 7. It's the successful creation of a viable Mac botnet and promise of others.
Photo Credits: maraga/Shutterstock