For years, Macintosh computer users have held up their machines as superior for a few reasons: better performance for designers and artsy types, a more intuitive and attractive user interface and—most significantly for many users—freedom from worry about viruses and malware.
Now, Flashback Trojan has changed all that. In early April, a Russian antivirus seller discovered that more than 500,000 Macs had been hit by the malware infection. When users visit certain websites, Flashback can exploit a vulnerability in some versions of Java to install itself on their computers. After that, it can get into the Safari web browser, monitor a user’s web activity and steal passwords and other information.
Macworld reports that Flashback is different from other malicious programs that have affected Macs in the past because it doesn’t require that a user install infected software on their machine themselves—it can climb on your computer the minute you visit an affected site.
Apple has responded with a software update for Macs running OS X Lion and Mac OS X v10.6 that remove Flashback and patch the flaw in Java. For older operating systems, the company advises users to disable Java. Apple says it is also fighting back against the sites that host the malware, “working with ISPs worldwide to disable this command and control network.”
Still, Apple has been criticized in some circles for reacting too slowly to the Trojan. In the past, the company’s freedom from serious malware attacks has been more because it gets less attention from cyber thieves than because of anything it’s done particularly well.
Macworld says the attack should be a bit of a wakeup call for Apple and probably points to a new interest in the company’s computers among destructive hackers. But it also says that Macs are still far less prone to infection than PCs, and if Apple introduces better security measures quickly, its users shouldn’t be forced to seek IT services to fend off a Trojan invasion very often.