For years, Mac users have been told that not only are they cooler than their PC counterparts, they are safer too. Apple has always held that computer viruses and malware only dogged its competitors.
That is no longer the case.
This week, security researchers discovered a new computer virus had infected half a million Mac users — about half of them in the United States. The virus is infesting users in the most surreptitious way possible: users need not manually click on any malicious links or manually download any malware to get infected. The program simply downloads itself. Once downloaded, the malware’s creators gain a back door that gives them unauthorized access to the victim’s computer.
“This is the largest scale attack on Mac OS X to date,” said Roel Schouwenberg, a senior researcher at Kaspersky Lab, an antivirus software company, who has analyzed the malware. “And much more sophisticated.”
For now, the malware’s creators appear to be using infested computers for click fraud, in which they manipulate clicks on a Web advertisement in exchange for kickbacks. But as with all malware, its creators can choose to use infected computers however they like.
The malware infects computers in one of two ways. In some cases, users receive a pop-up prompt purporting to be from Adobe Flash asking them to install an update and type in their password — hence the Trojan’s name, “Fakeflash” or “Flashback.” But in most cases, attackers appear to have exploited a loophole in Java software that automatically downloads the malware onto victims’ machines without any prompting.
Apple issued two security patches for Fakeflash this week and encouraged Mac users to run their software updates as soon as possible.
For the technically astute, F-Secure, a Helsinki-based security firm, published instructions for how to identify Fakeflash and remove the virus manually. Doctor Web, the Russian security firm that first discovered the virus, has created a simple online tool that allows users to check if their Mac has been infected.
Several security experts have criticized Apple as slow to react, considering Oracle issued a fix to the Java security hole in February. Apple did not issue a fix until more than a month later.
Doctor Web discovered the virus was exploiting the loophole to infect Mac computers this week. Kaspersky Lab reverse-engineered the malware and began to intercept its communication on Wednesday. So far, it found 620,000 computers had been infected. Some 301,000 were in the United States. Another 95,000 computers were in Canada, with 47,000 in Great Britain and 42,000 in Australia. Almost all — 98 percent — ran Mac’s OS X operating system.
This is hardly the first time Mac users have been hit by a Windows-style computer virus. Last year, security researchers discovered a piece of malware, called Mac Defender, had targeted Apple machines. Intego, a security firm, discovered Mac Defender on May 2, 2011. It took Apple until May 31, 2011, to issue a fix.
Security experts said Fakeflash was far more widespread and sophisticated than Mac Defender. Several cautioned that it may signal a new era in which Mac users become the new target for Windows-style malware attacks. Apple’s growing share of the PC market simply makes it too juicy a target.
“Last year’s attacks were a turning point — criminals realized they could make money targeting Apple users,” said Mr. Schouwenberg. “As Apple gains more market share, it will also see more attacks.”
Adam J. O’Donnell, a security architect at Sourcefire, a computer security firm, wrote a report in 2008 predicting that digital criminals would start targeting Mac users with Windows-style malware attacks once Apple’s share of the PC market reached 16 percent, assuming that Windows anti-virus solutions were at least 80 percent effective.
He was not far off. Apple currently holds 12 percent of the PC market in the United States, according to Gartner, a research company, and anti-virus software has reached 95 percent effectiveness, according to AV Comparatives, a nonprofit that audits anti-virus software.
“The problem is that the security industry has much less visibility into Mac OS X than Windows,” said Mr. Schouwenberg. “Mac users have been led to believe they’re safe and turned off their paranoia filter. There is a lot of easy prey out there.”