Snow Leopard Falls to Flashback Infection

Tuesday, May 1, 2012 @ 05:05 PM gHale


Nearly two-thirds of the Macs infected by Flashback are running OS X 10.6, better known as Snow Leopard, a Russian antivirus company said.

Doctor Web, which first reported the malware attack earlier this month, mined data intercepted from compromised computers to come up with its findings.

RELATED STORIES
One Site can end up a Malicious Hive
Flashback Variant Hits Macs
Malware Beat Down: Flashback on Wane
Attack Vector: Phishing Real or Phony?

The company, along with other security vendors, has been “sinkholing” select command-and-control (C&C) domains used by the Flashback botnet — hijacking them before the hackers could use the domains to issue orders or update their attack code — to both estimate the botnet’s size and disrupt its operation.

Doctor Web published an analysis of the communications between 95,000 Flashback-infected Macs and the sinkholed domains. Those communication attempts took place on April 13, more than a week after Doctor Web broke the news of the botnet’s massive size.

Flashback used a critical vulnerability in Java to worm its way onto Macs. Although Apple, which continues to maintain Java for its OS X users, patched the bug in early April, it did so seven weeks after Oracle disclosed the flaw when it shipped Java updates for Windows and Linux.

It is no surprise 63.4% of the Flashback-infected machines identified themselves as running OS X 10.6, or Snow Leopard, the newest version of Apple’s operating system that comes with Java.

Snow Leopard accounted for the largest share of OS X last month, according to metrics company Net Applications, making it the prime target of Flashback.

Leopard, or OS X 10.5, is the second-most-common Flashback-infected operating system, said Doctor Web: 25.5% of the 95,000 Macs harboring the malware ran that 2007 edition.

Apple bundled Java with Leopard as well, but unlike Snow Leopard and Lion, it no longer ships security updates for the OS, and so has not updated Java on those Macs.

Last month, Leopard powered 13.6% of all Macs.

But while Snow Leopard’s and Leopard’s infection rates are higher than their usage shares, the opposite’s true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.

That disparity seems to validate Apple’s 2010 decision to stop bundling the software with OS X. Lion was the first to omit Java, although users have been free to download and install it themselves.



Leave a Reply

You must be logged in to post a comment.