Flashback was first detected in the fall of 2011, and gained widespread attention in April when it infected over 500,000 Mac computers. The ESET technical analysis, "OSX/Flashback: The first malware to infect hundreds of thousands of Apple Mac" (PDF), describes how Flashback infected computers running Mac OS X, and analyzes the installation component and the library. The malware infected victims in a number of different ways, the first as a fake update of Adobe Flash Player. Flashback also used a Java-signed applet and exploited two different flaws in Java, CVE-2012-0507 or CVE-2011-3544, to infect users.
This once again refutes claims by some experts that there are no cyber-threats to Mac OS X. About 56.6 percent of the infected computers, or 303,449, are located in the U.S., while 19.8 percent are in Canada, 12.8 percent are in the U.K., and 6.1 percent are in Australia, Doctor Web said. For more, see the map below.
The Bratislava, Slovakia-based antivirus vendor also notes that Mac users often do not take the security of their machines seriously, and chronicles the relationship between Apple and Java in the wake of Flashback.
“Some Mac users believe themselves to be immune to malicious software because they are using OS X. Certainly, the malware threats to OS X are less numerous than to Windows, but they are not nonexistent,” the report read. Flashback has not been the only issue for Macs either. Lamadai, MacControl and Crisis have also created issues for Mac users this year. Experts attribute the growing threat of malware for Macs to an increasing payout for attacking the machines.
When Flashback first appeared, Apple had to validate and distribute updates via its updating system, which meant Oracle could not update Java for Macs at the same time as PCs. Often, including in the case of Flashback, the updates for Macs occurred much later.
Flashback triggered another change in the Apple-Java relationship.
“[Apple] registered all the names of the available domains connected to Flashback, including those generated dynamically. Shortly after that, Apple created an update to OS X that detected the presence of Flashback and uninstalled it from the system,” the ESET report said.
With the debut of Mac OS X Lion (10.7), Apple stopped installing Java interpreters by default on its operating system. The report called this “a move that can be seen as reducing avenues of attack. This might also be interpreted as an attempt to avoid the burden of updating software that is beyond its control.”
credit: http://searchsecurity.techtarget.com & pcmag.com