“The Java-exploiting malware OSX.Flashback.K variant has ceased to be a meaningful threat to Mac owners, and the number of infected Macs has dropped to one-sixth its high point in just over a week, reports utility vendor Symantec,” MacNN reports.
“The malware, which was the most successful attack thus far in the Mac world due to a slow updating of Java, was never much of an actual security threat but did manage to reach around one percent of installed base, a record for [Mac OS X] malware penetration,” MacNN reports. “A number of factors have played a role in reversing the malware’s course, primarily some quick action from Apple once the Trojan’s infection rate began to rapidly increase. In part, however, Apple’s lethargy in pushing out an update to Java (Oracle had corrected the flaw about six weeks earlier) is at least partially why the malware was so successful in the first place.”
MacNN reports, “Still, the company was finally roused to become aggressive about the problem, and quickly posted three slightly-revised updates to Java as well as its own detection and removal tool, including a version for Lion users who hadn’t installed Java.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]
Related articles:
Apple releases Flashback trojan removal tool – April 14, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
Back in late 2010, Apple and Oracle jointly announced that Oracle would be taking over development for Java on OS X. Here’s the URL:
http://www.apple.com/pr/library/2010/11/12Oracle-and-Apple-Announce-OpenJDK-Project-for-Mac-OS-X.html
Apple then removed Java from the Lion default install, as would be expected. So what happened?
Good question. Oracle taking over Java on OS X was supposed to make security updates like this happen more rapidly. I wonder who dropped the ball? Maybe Oracle’s Mac developers just weren’t up to the task, or maybe Oracle’s best Mac developers left the company unexpectedly.
This has to be seen as one of the great security successes of Apple. You can argue that the trojan shouldn’t have gotten as far as it did. But you can’t deny that Apple crushed the thing like a bug once they put their mind to it.
The problem with writing Mac malware: Even if you can get it onto a Mac, it’s not easy to hide. You don’t have a registry to burrow into like you do on Windows. Disinfecting is just a matter of identifying the files and deleting them. And given that most Macs take Software Updates from Apple automatically, Apple can wipe out an infection with the push of a button.
Malware authors are going to have to work much harder to own the Mac than they did the PC.
——RM
The short lifespan of Mac malware makes it very difficult to profit from. And if there’s little profit, there’s little motive to make malware for Mac in the first place, even as the number of Mac users expands.