Recent Malware; What To Do About It

User Group Network UGN Safenetting and Cybercrime report

Randy B. Singer, co-author of The Macintosh Bible (4th, 5th, and 6th editions), has been around the Mac user group community almost as long as the community has been around. With the recent wave of malware scares for Mac users, Randy writes in to the Apple User Group Discussion list:


I’ve now sent out a mailing to over 9,000 subscribers of The MacAttorney Newsletter about Flashback, and I’ve posted about it on a dozen Mac discussion lists. So I’ve reached somewhere around 20,000 Mac users. So far, not a single user of the many who have written back has been infected with Flashback.

While I have no doubt that Flashback is real, and that it is a good idea to do all that you can to protect yourself from it, I’m beginning to think that much of this scare was hype invented by anti-virus software firms.

Some research on the Web turns up speculation that the “600,000 infected machines” written about may not have necessarily been Macs. It may include other OS’s.

I wouldn’t be surprised if, after all is said and done, not a single one of us will be infected by Flashback, and not a single one of us will know anyone first-hand who has been infected by it.

I sent this message out today to my user group. Feel free to send the same message to your user group:

This is a followup to my previous message about Flashback (which, by the way, at this point is not technically a Trojan, since it can infect your computer with no warning or user interaction whatsoever, simply by you visiting a malicious, or just an infected, Web site.) I thought that everyone would appreciate more information.

I’ve now sent out a mailing to over 9,000 subscribers of The MacAttorney Newsletter about Flashback, and I’ve posted about it on a dozen Mac discussion lists. So I’ve reached somewhere around 20,000 Mac users. Users have rushed to check to see if they were infected. So far, not a single user of the many who have written back has been infected with Flashback.

While I have no doubt that Flashback is real, and that it is a good idea to do all that you can to protect yourself from it, I’m beginning to think that much of this scare was hype invented by anti-virus software firms in Russia, from whom the original report emanated.

Some research on the Web turns up reports that the “600,000 infected machines” written about may not have necessarily been Macs. That number likely includes other OS’s, the proportion of which to Macs is unknown. (i.e., it may be that mostly Windows computers were infected, and very few Macs.)

Daring Fireball (written by widely respected John Gruber), a very popular Mac blog, a few days ago posted about Flashback: As of last Thursday, he says he has heard from “about a dozen or so Daring Fireball readers who have been hit by this.”

The problem is that when there is a panic about a new virus, there will always be a few folks who aren’t deep thinkers who will rush to tell you that they have been infected based on any change in their computer, or even in their lives, real or imagined. Once you manage to elicit the details from them, it becomes obvious that their report isn’t credible.

Also, the media has reported that “security experts” have confirmed that Flashback is a huge threat. There is a problem with consulting with security experts. I call it the “to a hammer, everything looks like a nail” problem. These are folks who have been trained to recognize the millions of viruses that exist for Windows. To them, everything in the entire world is a huge security threat. I’ve never heard of a security expert who has said: “Just relax; start worrying if and when there are verifiable reports of computers being infected.”

I wouldn’t be surprised if, after all is said and done, not a single one of us will be infected by Flashback, and not a single one of us will know anyone first-hand who has been infected by it.

Now, let me be completely clear, all of the above is not to say that you shouldn’t take all necessary steps to protect yourself from Flashback. You really should. But you should know that there is no reason to get paranoid. Your Mac is still the most secure personal computing platform out there. There isn’t a flood of Mac malware hitting us. The sky is not falling. It is very important to consider the source of any information that you hear about the Macintosh, and that includes the media which doesn’t generally have a clue about the Mac. There are, unfortunately, lots of Apple-haters and people with various questionable motives in the world.

Some users have asked if there are any applications in common use that will be affected if they totally disable Java on their Macintosh. Here are the ones that I know of:
      * Evernote
      * MoneyDance
      * OpenOffice-based suites (i.e. LibreOffice, NeoOffice, OpenOffice/Mac)

I hope that you find this message useful.

Various additional bits that might be helpful:

      * John Gruber’s Daring Fireball
      * Flashback trojan reportedly controls half a million Macs and counting
      * An interesting blog post: Apple And The Flashback Trojan
      * Macworld: What you need to know about the Flashback Trojan

How to check for and disable Java in OS X
      “Java used to be deeply embedded in OS X, but in recent versions of the OS it’s an optional install. Here is how to check to see if it is installed, and how to disable or remove it.”

Randy B. Singer
      Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
      Macintosh OS X Routine Maintenance
      www.macattorney.com



If you think you’re a victim, file a complaint with the FBI Internet Crime Complaint Center: IC3.

You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon and HostExploit.com. And, you should switch to SpamCop and take a stand against spam.