"Mac cyber-attacks on the rise," says Bitdefender

Security firm warns there’s been “very little publicity” around increase in alarming Mac OS viruses
Author:
Publish date:
1-catalin-cosoi-web.jpg

Security specialist Bitdefender claims attacks on Macs – such as the recent ‘Flashback’ malware – are increasing.

Since its discovery in September 2011, Flashback has managed to infect more than 600,000 machines, making use of no less than three separate vulnerabilities to download and execute itself on Mac OS systems from compromised websites.

The original version of Flashback tried to trick users into downloading it by pretending to be an installer for Adobe Flash. Since then, a new form has appeared which, rather than needing someone to install it, uses an unpatched Java vulnerability to install itself. In the security business, this is known as a drive-by download – something Bitdefender says is increasing.

“There has been very little publicity around Mac OS viruses,” Catalin Cosoi, chief security strategist at Bitdefender, told PCR. “This drive-by download technique is only becoming more popular.

“In recent years, we’ve seen a massive increase of cyber-attacks targeting the OS X system.”

To try to combat this, Bitdefender has launched a new piece of software aimed at enhancing protection for Mac users worldwide.

Bitdefender Antivirus for Mac features a faster scanning engine developed especially for OS X. The software also incorporates TrafficLight, an application that filters web traffic and blocks access to malicious websites and phishing attacks threatening Apple computers.

“TrafficLight provides security for one of the wider attack surfaces which exist on Mac systems – namely the browser,” explained Cosoi.

“Phishing sites and known compromised websites which serve malware are blocked, links provided by search engines or social web sites are scanned in advance. Scripts which try to track your behaviour on the web are flagged, so you can make informed decisions about your browsing. The most important part is, of course, the anti-malware filtering.”

With all browsers using Java and Javascript, and with the transition to HTML5 underway, the Java engines themselves have become a tempting target for malware writers.

“Exploiting Java means exploiting the browser, which in turn means gaining access to a lot of user data, this includes banking info, passwords, pins and card numbers,” added Cosoi.

This is evident in the Flashback Trojan. After infection, the malware opens up a Software Update window to try and obtain the user’s administrative password in a bid to further embed itself into the Mac. Unfortunately, at this point, whether a user puts their password in or not, the machine is still infected.

Related