Showing posts with label os x. Show all posts

Friday, October 25, 2013

Is this the end of the Mac enterprise?

Mac sales haven’t just dropped in the past couple years, they have fallen dramatically faster than the PC market as a whole.

Macs are not the most popular computers in the enterprise office either. Yes, people love their MacBook Airs and MacBook Pros, but with the price tag so high, CIOs pass on purchasing them for the office.
High-tech offices love Macs, thanks to the Adobe Creative Suite/Creative Cloud, but Apple lacks security updates for older versions of Mac OS X.

Apple just announced that Mac OS X 10.9 (Mavericks) fixes many security bugs present in the older versions.




Apple has stopped releasing security fixes for older versions of the operating system, even as zero-day attacks have been on the rise.

The tall tale of the Mac having no security issues is exposed: ever hear of the Flashback Trojan, Icefog, or Backdoor:OSX/KitM.A?  These are all successful Mac malware programs.  If you are using a Mac, you should download Mavericks today!

Mavericks is free; it may take a couple of hours to download and install the multi-gigabyte update, but it's worth it!

For those still using OS X Mountain Lion, you know there’s no more security updates, right?

Advanced Technologies

OS X Mavericks boosts performance and improves battery-life efficiency.


Timer Coalescing – groups low-level operations together, creating idle time in which your CPU can enter a low-power state. The CPU uses less energy, reducing its activity by up to 72%.

App Nap – OS X can tell which apps you are actually working in and puts the apps that are hidden or behind other windows into a rest period.

Safari Power Saver – turns off animations from advertisements or motion graphics that scroll onto your screen. This feature recognizes the difference between what you came to see and the stuff you didn’t.

iTunes HD Playback Efficiency – OS X Mavericks improves the energy efficiency of iTunes video playback. Video playback takes advantage of your graphics hardware, saving your CPU 35% of its energy.

Compressed Memory - OS X Mavericks compresses data from inactive apps, making more memory available. Compression and decompression happen instantaneously, which helps Mavericks stay responsive.




Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest Facebook scams.

References:

Mavericks: The end of Macs in the enterprise? – ZDNet
http://www.zdnet.com/mavericks-the-end-of-macs-in-the-enterprise-7000022410/
October 24, 2013

The end of the Mac? – MacDailyNews
http://macdailynews.com/2013/10/15/the-end-of-the-mac/
October 15, 2013

OS X Mavericks – Apple
http://www.apple.com/osx/

Thursday, March 21, 2013

Yontoo Trojan Installs Adware Browser Plugins to Inject Ads in Webpages

Russian antivirus vendor Dr. Web is warning OS X users about a new Trojan, detected as Trojan.Yontoo.1 (“Yontoo”), that installs adware browser plugins on whatever computer it manages to infect.

Users are often duped into downloading Yontoo after landing on a movie trailer page that prompts them to download & install a “missing” browser plugin, media player, video quality enhancement program or download accelerator.

When launched, Yontoo will display a dialog window to the victim asking them to install a program called “Free Twit Tube”:

Yontoo Prompts User to Install Free Twit Tube

However, Yontoo proceeds to download and install adware plugins for Safari, Chrome and Firefox instead.  As users surf the web, the plugins relay browsing data to a remote server, which then returns a file that enables the Trojan to inject ads (via third-party code) into webpages loaded in the affected browser.

So, for example, when a user visits apple.com on an infected machine, they may see something like this:

Yontoo Trojan Injects Ads into Websites, like Apple.com

While Dr. Web’s write-up focuses on the attack targeting OS X users, it is important to note that Windows users are also subject to Yontoo infections, although Symantec classifies Yontoo as a “potentially unwanted app” vs. Trojan (an app that claims to be one thing when it’s another).

Either way, the ol’ “missing plugin” bit is rather old, so don’t fall for it. Be careful what you install on your computer, and always read the installation dialogs.

Removing Yontoo from Your PC


If you’ve already been tagged by the Yontoo Trojan, you can perform a full system scan using one of the following antivirus programs to remove the infection:

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Wednesday, February 20, 2013

Adobe Patches 0-Day Flaws in PDF Reader & Acrobat

Adobe has released an emergency patch to fix two critical vulnerabilities in Adobe Reader & Acrobat 9.5.3, X and XI that cybercriminals are actively exploiting in targeted attacks.

The vulnerabilities in question, CVE-2013-0640 and CVE-2013-0641, are the same ones that FireEye researchers spotted early last week.

Users are advised to update Adobe Reader and Acrobat as soon as possible due to the ongoing attacks. The exploit discovered by FireEye is the first to bypass the built-in sandbox security feature in Reader and Acrobat.

How to Update Adobe Reader


To update Adobe Reader, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:



How to Update Adobe Acrobat


To update Adobe Acrobat, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:

    • Windows (Acrobat Standard, Pro & Pro Extended Users)

    • Mac OS X (Acrobat Pro)





Apple Issues Java Patch & Malware Removal Tool Following Malware Attack

Go ahead and take a moment to check for software updates on your Mac if you haven’t done so already.

Apple did as promised yesterday and released a Java security update & malware removal tool after finding that their own company computers fell victim to a Java-based drive-by-download attack.

According to the security advisory, the update addresses a slew of Java vulnerabilities in Java 1.6.0_37, “the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.” Users applying the patch will be updated to Java version 1.6.0_41.

Also included in the update is a malware removal tool that Apple says will remove the most common variants of malware: “If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. This update is available for systems that installed Java 6.”

As previously stated, the update can be applied by selecting 'Software Update' on your Mac's menu bar or fetched from Apple Downloads and applied manually:

Have you updated your Mac yet?


Tuesday, February 19, 2013

iPhone Developer Forum Linked to Facebook, Apple Malware Attacks

If you’re like me, you’ve probably been wondering what websites Facebook and Apple employees were surfing prior to the discovery of malware in their company machines.

How else could the rest of us do our best to avoid the same fate? [On that note, do not visit the website I am about to mention as it could still be infected. It is being disclosed as a warning.]

As it turns out, sources close to the Facebook hacking investigation revealed to AllThingsD that iPhoneDevSDK[dot]com, an iPhone developer forum frequented by iOS development teams of well-known companies, was the website likely used to conduct drive-by-download attacks against Facebook and Apple employees.

The malicious code embedded on the iPhoneDevSDK website exploited a zero-day vulnerability within Oracle’s Java browser plugin in order to plant malware on the machines of Facebook (& possibly Apple) employees.

This type of attack is commonly referred to as a “watering hole” attack. Instead of pursuing victims using poisoned emails, attackers inject malicious code into a website frequented by their targeted demographic. In this case, the targeted demographic happened to be the mobile developers for various companies, including Facebook.

That being said, if you or someone you know has recently visited iPhoneDevSDK, you may want to check if Java is installed on your system. If you do, there's a good chance your system has been compromised. Now would be a good time to check out Apple's security patch related to this attack, as they bundled a malware removal tool with it.


Apple's Computers Infected with Malware Thanks to Java-based Exploit

Apparently Apple made a bad decision to skip over their own machines when they blocked Java browser plugins on OS X systems last month.

Reuters reports that the fruit-themed company admitted that malware managed to infect a handful of company computers after employees visited a website for software developers that had been compromised.

The website in question was housing an exploit that took advantage of a zero-day Java browser plugin vulnerability in order to drop malware on OS X systems.

The vulnerability appears to be the same one used in recent attacks against Facebook and hundreds of other companies, including defense contractors.

Apple says that they have isolated the infected machines from their network and that there is no evidence that any data has been stolen. The company is working with law enforcement to determine the source of the malware.

Apple machines have been shipped Java-free since OS X Lion, and Apple has taken many steps to protect users from Java-based attacks. The company says it plans on releasing a tool later on today that Mac users can use to detect and remove the malware used in this recent attack.

Do you have Java installed on your computer?


Friday, February 8, 2013

Adobe Updates Flash Player to Fix Vulnerabilities Used in Ongoing Attacks

It’s time to update Adobe Flash Player!

Adobe released an emergency patch for Adobe Flash Player to address two vulnerabilities (CVE-2013-0633 & CVE-2013-0634) that are actively being exploited by cybercriminals to spread malware.

Attacks using the CVE-2013-0633 vulnerability involve tricking Windows users into opening a booby-trapped Word document (.doc) containing malicious Flash (SWF) content. The malicious Word documents arrive as an email attachment.

The second vulnerability, CVE-2013-0634, is being exploited in drive-by-download attacks using malicious Flash content and poses a threat to both Windows & Mac OS X users.

Adobe recommends that Linux and Android users update their software even though Windows & OS X are the only ones that appear to be targeted in the ongoing attacks.

Affected Flash Player versions, according to Adobe’s security advisory:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh

  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux

  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x

  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x


Not Sure What Version of Flash Player You Have?


Users that are unsure of what version they’re running can find out by:

  • Visiting the About Flash Player page on Adobe’s website.

  • Right-clicking on content running in Flash Player & selecting “About Adobe (or Macromedia) Flash Player” from the menu.


Be sure to check the version in each web browser installed on your system; just remember that Google Chrome & IE10 will be updated automatically!

How to Update Adobe Flash Player


To update their installation of Adobe Flash Player, users can:


Tuesday, December 4, 2012

Researchers Discover New Backdoor Trojan Targeting Mac Users

Researchers have discovered a new backdoor Trojan targeting Mac users, which many antivirus vendors are referring to as OSX/Dockster.A.

Dockster is said to be a basic backdoor Trojan that’s capable of capturing keystrokes, downloading arbitrary files and providing an attacker remote access to the system.

According to Intego, upon infection, Dockster will remove itself from the location it was run from and install itself in the user’s home directory under the filename .Dockset. This file cannot be seen using Finder, but you will be able to see it in OS X’s Activity Monitor while it's running.

Once it is all settled in on your Mac, Dockster will phone home to itsec.eicp.net for instructions.

Dockster is actively being served in-the-wild, but is considered low risk since it is not widespread and has only been seen on gyalwarinpoche.com, a website dedicated to the Dalai Lama that was compromised to drop the Trojan on visiting computers.

The exploit code used in the attack leverages the same Java vulnerability (CVE-2012-0507) that was used to infect machines with the Flashback & Sabpab Trojans earlier this year. (On a side note, F-Secure warns that this site is rigged with another Java exploit, CVE-2012-4681 to drop Trojan.Agent.AXMO on computers running Windows as well.)

Protecting Your Mac from OSX/Dockster.A


Here are some tips to keep your Mac safe from this threat:

  • Keep your operating system fully patched & up-to-date, as Apple has previously released updates to deal with Java-based threats.

  • Either toggle Java browser plugins as they’re needed or remove Java from your system if you don’t use it.

  • Always run antivirus software on your system. It’s better to be safe than sorry!


Think Your System Has Been Infected?


Thankfully there are a few antivirus programs capable of detecting & removing this threat, so take your pick:


Wednesday, September 26, 2012

New OSX/Imuler.B Variant Spotted by Researchers

Researchers over at F-Secure have recently discovered a new variant of the data-stealing Mac malware, OSX/Imuler.B, which is believed to be targeting Tibetan rights activists.

F-Secure researchers say that the latest Imuler.B variant is similar to its predecessor, OSX/Imuler.A; however the new build is configured to “exit” if Wireshark, a popular network protocol analyzer, is detected on the target machine.

Imuler.B exits if Wireshark is found
Screenshot Credit: F-Secure


Aside from setting Imuler.B to dodge Wireshark, the malware’s authors optimized the code and switched the command and control server to ouchmen.com.

Should Imuler.B manage to find its way onto your machine, it will steal system information and take desktop screenshots as it is instructed via its command and control server.  Any data collected by the malware will then be relayed back to the command and control servers, at which point the attackers can use it as they please.

F-Secure didn't say how they came across the new variant, but earlier this year Sophos found that cybercriminals were using pictures of swimwear models to spread Imuler malware, so Mac users are advised to exercise caution when downloading files online to avoid infection.

Aside from that, it’s always a good idea to run antivirus software, even on a Mac. Sure, threats targeting OS X may not be as common as they are on Windows, but they do exist and it’s always better to be safe than sorry.


Researchers Find Yet Another Zero-Day Java Flaw

Security researchers at Polish firm Security Explorations announced that they have found yet another security vulnerability in Oracle’s Java SE software that would allow a malicious attacker to gain complete control of a user’s system.

The new exploit affects Java SE 5, 6, and 7, which means over a billion PCs are at risk if Oracle’s reported number of desktops running Java is accurate.

According to Adam Gowdiak of Security Explorations, all tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system using Firefox, Chrome, Internet Explorer, Opera and Safari, but that doesn’t mean other operating systems are safe.

As Gowdiak explained to Computer World, “We simply did our test on Windows 7 32-bit. But, it does not matter because all operating systems supported by Oracle Java SE (such as Windows, Linux, Solaris, MacOS) are vulnerable as long as they have Java 5, 6 or 7 installed and enabled.”

The new bug marks the 50th security flaw that Security Explorations has discovered within Java, and they have already submitted a technical description of the issue “along with a source and binary codes of our Proof of Concept code demonstrating a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7” to Oracle for review.

So far, Oracle has not commented on this new exploit.

For those who are wondering (and you should be), there is no proof that this flaw is being actively exploited in-the-wild at this time, however, the clock is ticking. Let's not also forget that Oracle has yet to close the security holes present in their most recent out-of-band patch, which was issued to fix the last Java zero-day to make headlines.

Once again, if you don't need Java on your PC, remove it. If you do need Java, then it's best you dedicate a single browser to handle all of your Java-enabled website browsing, and disable the plug-in in your remaining web browsers.


Thursday, July 26, 2012

More Information on OSX/Crisis Trojan Released: What Can It DO?

More details about the newly-discovered Crisis Trojan targeting Apple users have emerged, and let me just say: OSX/Crisis (aka OSX/Morcut) is jam-packed with some extra creepy functionality.

Functionality


After OSX/Crisis has been successfully installed on a machine, it will inject itself into a number of programs to spy on the infected user’s activity.  These applications include popular ones like:

  • Skype

  • MSN Messenger

  • Adium

  • Firefox


In addition to tracking all activity within the programs listed above, OSX/Crisis allows an attacker to monitor and/or control the following operations:

  • Mouse position

  • Location

  • Internal Webcam & Microphone

  • Clipboard Contents

  • Key strokes

  • Running applications

  • Web addresses

  • Screenshots

  • Calendar Data & Alerts

  • Device Information

  • Address Book Contact Information


As you can tell, with OSX/Crisis on your system, you will have no sense of privacy. Everything you do is subject to being recorded – including any audio conversations held via Skype – and all of the data collected by OSX/Crisis will be sent to a remote server controlled by the attackers.

On a side note, Intego Security researchers found sections of the Crisis Trojan’s code suggesting that it is part of a commercial malware tool called “Remote Control System” (or RCS) that is geared towards government surveillance and mainly sold in the US and Europe.

RCS, which was created by a company called HackingTeam, usually carries a hefty price tag of €200,000 ($245,664), leading Intego to believe that it’s likely only being used in targeted attacks.

Dr. Web’s write-up of OSX/Crisis, which they identify as BackDoor.DaVinci.1, appears to draw the same conclusion.

Known Aliases


Although this new Trojan is often referred to as the “Crisis” Trojan, it does have other names:

  • OSX/Morcut (Sophos)

  • BackDoor.DaVinci.1 (Dr. Web)

  • Backdoor:MacOS_X/Flosax.A (Microsoft)


Graham Cluley of Sophos stated that the “Crisis” name is a result of the name appearing within the malware’s code. Instead of adopting the suggested name, Sophos opted to name the Trojan OSX/Morcut.

Dr. Web’s name seems to be derived from the name of the man who started HackingTeam, David Vincenzetti.

Microsoft stated on Facebook that they detect this threat as MacOS_X/Flosax.A.

Detecting & Removing OSX/Crisis


It’s important to note that OSX/Crisis has still NOT been spotted in-the-wild, so the risk of being infected is relatively low. However, Intego, Sophos and Dr. Web all offer antivirus solutions that are capable of detecting and removing OSX/Crisis should the day come when it is actively being spread.

For more information on OSX/Crisis, including what versions of OS X it runs on, check out my previous post.

[via Intego][via Sophos][via Dr. Web]

Note: This article was updated on 7/30/12 to add Microsoft's alias for OSX/Crisis.


Wednesday, July 25, 2012

New “Crisis” (or Morcut) Trojan Found Targeting OS X 10.6 & 10.7

Mac users, be on your guard.

Security researchers at both Intego and Sophos are warning users about a new backdoor Trojan named OSX/Crisis (aka OSX/Morcut-A to Sophos users).

The Targets

OSX/Crisis is said to install silently, without the need of a password, and only works on computers running OS X 10.6 (Snow Leopard) and 10.7 (Lion).

It doesn't run on the newly-released 10.8 (Mountain Lion), and has the tendency to crash on 10.5 (Leopard).

Infection Method

Good news is that the Crisis Trojan has not been spotted “in-the-wild.”

Intego stated that they came across samples of the malware on VirusTotal (a site that is used to scan suspicious files and URLs, and share malware samples between security companies), and there was no mention of origin on the sample that Sophos got ahold of.

Sophos' malware sample came packaged in a file deceptively named “AdobeFlashPlayer.jar” that contained a .class file named WebEnhancer along with "two unassuming-looking files named win and mac."

Given the archive name, one wouldn’t really think anything of these files; however, the “mac” file is actually the installer for OSX/Crisis Trojan while “win” serves as an installer for Windows malware identified as Mal/Swizzor-D. No need to leave Windows out of the fun, right?

Had this file been used in an actual attack, the user would get SOME kind of notification since the WebEnhancer applet triggers a digital signature alert warning stating that the applet is from an untrusted publisher.

WebEnhancer Warning

Screenshot Credit: Sophos


Should that screen be ignored and the applet allowed to run, the malware will be installed without any further warnings to the user.

This is only one example of how OSX/Crisis can be delivered, though. Other methods may not cause alerts that throw red flags to the user.

Installation Process

While it’s true that OSX/Crisis doesn’t require a password to install, the user account permissions play a slight role in the Trojan’s installation process.

If OSX/Crisis runs on a user account with Admin permissions, it will drop a rootkit to hide itself and create 17 files. A user account without Admin privileges will result in 14 files being created.

Although the majority of the files created are randomly named, they tend to fall under the following folders, which are also created by OSX/Crisis:

  • /Library/ScriptingAdditions/appleHID/

  • /System/Library/Frameworks/Foundation.framework/XPCServices/


Note: The “XPCServices” folder is only created if the user account has Admin permissions; the “appleHID” folder is created with or without Admin permissions.

After OSX/Crisis has been successfully installed, it will remain active – even if the system is restarted – and check-in with a remote server (IP address 176.58.100.37) every 5 minutes.

OSX/Crisis is said to be created in a way that makes reverse-engineering more difficult and uses low-level system calls to hide its activities. These techniques are common in Windows malware, but not OS X malware.
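As an added illustration (not code from the original posts, and not Intego's or Sophos' tooling), the Python checker below looks for the file-system artifacts this write-up attributes to OSX/Crisis and for the hidden .Dockset file the Dockster post above describes. The paths are the ones the posts name; the directory tree it scans is constructed inline so it runs offline, and the root and home directories are parameters so the same function can be pointed at a mounted disk image.

```python
"""Check a directory tree for the artifacts the posts above attribute to
OSX/Crisis (appleHID / XPCServices folders) and OSX/Dockster.A (.Dockset).

Added example; not part of the original posts or any vendor's tool.
"""
from pathlib import Path

# Folders the Crisis write-up says the Trojan creates. appleHID is created
# for any account; XPCServices only when the account has Admin rights.
CRISIS_DIRS = (
    "Library/ScriptingAdditions/appleHID",
    "System/Library/Frameworks/Foundation.framework/XPCServices",
)
# Dockster installs as a dot-file in the user's home directory, which Finder
# hides by default.
DOCKSTER_FILE = ".Dockset"


def find_indicators(root, home):
    """Return a list of (threat, path) tuples for each artifact present.

    root: tree to inspect ("/" on a live Mac, or the mount point of an image)
    home: the user's home directory inside that tree
    """
    root, home = Path(root), Path(home)
    hits = []
    for rel in CRISIS_DIRS:
        candidate = root / rel
        if candidate.is_dir():
            hits.append(("OSX/Crisis", str(candidate)))
    dockset = home / DOCKSTER_FILE
    if dockset.exists():
        hits.append(("OSX/Dockster.A", str(dockset)))
    return hits


def hidden_entries(home):
    """List dot-files directly under home, sorted. Finder does not show
    these, so a plain listing is the quick way to spot an unexpected one."""
    return sorted(e.name for e in Path(home).iterdir() if e.name.startswith("."))


def build_demo_tree(base):
    """Constructed sample tree: a non-Admin Crisis install (appleHID only)
    plus a Dockster drop in the demo user's home directory."""
    base = Path(base)
    (base / "Library/ScriptingAdditions/appleHID").mkdir(parents=True)
    home = base / "Users/demo"
    home.mkdir(parents=True)
    (home / DOCKSTER_FILE).write_bytes(b"constructed placeholder, not malware")
    return base, home


def run_demo():
    """Build the constructed tree in a temp dir, scan it, and return
    (indicator hits, hidden entries in the home directory)."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root, home = build_demo_tree(tmp)
        return find_indicators(root, home), hidden_entries(home)


if __name__ == "__main__":
    hits, hidden = run_demo()
    for threat, path in hits:
        print(f"{threat}: {path}")
    print("hidden entries in home:", hidden)
```

On a live system this would be `find_indicators("/", Path.home())`; an absent artifact is not proof of a clean machine, since the posts say most of the files Crisis drops are randomly named.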

Protecting Your Mac

Now that you’re aware of the threat, what can you do to protect your Mac?

  • Keep your OS up-to-date to make sure there aren’t any vulnerabilities that an attacker may exploit to plant OSX/Crisis on your system.

  • Consider disabling Java plug-ins on your browser or removing Java altogether. Cybercriminals love exploiting Java vulnerabilities to spread malware, and researchers warn that Java-based attacks are on the rise.

  • Always run antivirus software on your Mac. Most antivirus vendors offer security products for both Windows and Mac. Sophos even offers a free Mac antivirus solution, so you really have no excuse. ;) Both Sophos and Intego's antivirus apps detect and remove OSX/Crisis.

  • Be careful what files you download. That means no downloading files attached to emails from unknown or untrusted sources.



Friday, June 22, 2012

Buy a 15.4-inch MacBook Pro (MD318LL/A) for $1,560!

This offer expired on 6/29/12. Please check the top banner ad for our current deal.

This version of the 15.4-inch MacBook Pro (model MD318LL/A) features a second-generation 2.2 GHz Core i7 quad-core processor, 500 GB hard drive, and 4 GB of installed RAM.

Other features include ultra-fast Wireless-N Wi-Fi networking, Bluetooth connectivity, an SDXC card slot, two USB 2.0 ports, and a FireWire 800 port.

Until June 29th, 2012, you can order a new 15.4-inch MacBook Pro from Hyphenet for only $1,560, plus shipping!

Specifications for 15.4-inch MacBook Pro

Display: 15.4" LED backlight, 1440 x 900 (WXGA+), glossy, edge-to-edge glass
Processor: Intel Core i7 2.2 GHz / 6 MB cache
Storage: 500 GB HDD (5400 RPM)
RAM: 4 GB DDR3
Optical Drive: DVD±RW (±R DL) - fixed
Graphics: AMD Radeon HD 6750M / Intel HD Graphics 3000 - 512 MB GDDR5
Networking: 802.11n, Bluetooth 2.1 EDR, Gigabit Ethernet
Camera: Integrated webcam (1280 x 720 res)
Sound: Stereo speakers, subwoofer, microphone
Connection / Expansion: LAN, FireWire 800, 2 x USB 2.0, Thunderbolt, microphone input, headphone/SPDIF combo jack
Operating System: OS X 10.7 Lion
Battery: Lithium polymer, 77.5 Wh, up to 7 hours
Warranty: 1 Year Apple Limited Warranty; 90 days of technical phone support (Apple)

Don't miss out on this Buy of the Week! Call (619) 325-0990 to order your 15.4-inch MacBook Pro today!


Buy of the Week offer valid through June 29th, 2012.

Note: Shipping and taxes apply.

We also carry the BRAND NEW Macbook Pro with Retina display, contact us for pricing!

Looking for something else? Check out our monthly deals or contact us to get a quote on the product you're searching for.

Tuesday, June 19, 2012

Update iTunes to Patch Security Hole That Could Allow Remote Code Execution

If you use iTunes, you may want to stop and check to make sure you have the most recent version (10.6.3) installed on your machine.

Last week, Apple released version 10.6.3, which addressed a security flaw that would allow remote code execution if you made the mistake of opening a malicious playlist (.m3u).

Per Apple’s release notes:
Description: A heap buffer overflow existed in the handling of .m3u playlists.

Impact: Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution.

Don’t leave your system at risk, update iTunes now.


Wednesday, May 2, 2012

Latest on Flashback Malware: The Malware’s Purpose, Current Botnet Size & Macs to Get Updates from Oracle

What’s the latest on the Flashback malware story?

The Motivation Behind Flashback Malware


Up until recently, it was only reported how many Macs had been infected with Flashback (aka Flashfake) without any say on what the malware actually did after making its way onto Apple machines.

According to Symantec researchers, Flashback was generating revenue for its authors via click fraud using an ad-clicking component that was loaded into Chrome, Firefox & Safari upon infection.

When the user went to conduct a search on Google, the malware would go to work by stealing clicks from paid Google ads:
Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)

The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server in the following form:

http://[FLASHBACK_DOMAIN]/search?q=[QUERY]&ua=[USER AGENT]&al=[LANG]&cv=[VERSION]
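As an added example (not Symantec's tooling or code from the original post), the Python script below scans proxy-log lines for requests of the shape just described: a /search path carrying the q, ua, al and cv parameters on a host that is not Google. Google's own search URLs carry q alone, which is what keeps them out of the match. The log lines and the flashback.example host name are constructed placeholders.

```python
"""Flag proxy-log requests matching the Flashback ad-click forwarding pattern
  http://[FLASHBACK_DOMAIN]/search?q=[QUERY]&ua=[USER AGENT]&al=[LANG]&cv=[VERSION]

Added example; not Symantec's code or code from the original post.
"""
from urllib.parse import parse_qs, urlsplit

# The four parameters the post says the ad-click component appends when it
# forwards a hijacked Google ad click to the attacker's server.
FLASHBACK_KEYS = {"q", "ua", "al", "cv"}


def is_flashback_forward(url):
    """True if url has a /search path carrying at least q, ua, al and cv,
    on a host outside google.com. A normal Google search has only q."""
    parts = urlsplit(url)
    if parts.path != "/search":
        return False
    host = parts.hostname or ""
    if host == "google.com" or host.endswith(".google.com"):
        return False
    # keep_blank_values so an empty parameter still counts as present
    keys = set(parse_qs(parts.query, keep_blank_values=True))
    return FLASHBACK_KEYS <= keys


def scan_proxy_log(lines):
    """Parse 'client url' proxy lines and return a (client, host, query)
    tuple for each request matching the pattern. Malformed lines are skipped."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        client, url = fields[0], fields[1]
        if is_flashback_forward(url):
            parts = urlsplit(url)
            query = parse_qs(parts.query).get("q", [""])[0]
            hits.append((client, parts.hostname, query))
    return hits


# Constructed sample log: a normal Google search, a legitimate ad click,
# two forwards from infected clients to a placeholder attacker host,
# and one malformed line.
SAMPLE_LOG = [
    "10.0.0.5 http://www.google.com/search?q=mac+antivirus",
    "10.0.0.5 http://www.googleadservices.com/pagead/aclk?sa=L&ai=abc",
    "10.0.0.7 http://flashback.example/search?q=mac+antivirus&ua=Mozilla&al=en&cv=1.2",
    "10.0.0.9 http://flashback.example/search?q=cheap+flights&ua=Safari&al=en-us&cv=1.3",
    "garbage",
]

if __name__ == "__main__":
    for client, host, query in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host}  query={query!r}")
```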

Symantec researchers discovered that each hijacked click was valued around $0.08 for the attackers, which quickly added up given the number of infected machines.

Symantec estimated that Flashback was capable of easily earning the attackers upwards of $10,000 per DAY. I know Google can’t be happy about that, especially since the infected Macs can continue to make the cybercrooks money even if they’re not communicating with the command & control servers.

There is a bit of good news, though.

The Flashback Botnet is Shrinking!


Forbes reports that Dr. Web has provided new data indicating that around 100,000 Macs are dropping from the botnet per week, which is likely the result of users applying the system updates from Apple that remove the malware, or installing antivirus software.

On top of that, new Flashback infections are said to have tapered off thanks to those same Apple updates patching the Java security hole that contributed to a large number of the infections.

Despite things moving slowly, Dr. Web’s chief executive, Boris Sharov, estimates that in a month it will all be over.

Oracle Will Provide Java Updates Directly to Mac


Malware aside, Ars Technica says that Oracle will begin deploying Java security updates directly to Mac OS X in addition to Windows, Linux and Solaris, allowing Mac users to get the updates directly from the source vs. waiting for Apple.

Oracle has already issued its first release for OS X users, although it's only for the Java Runtime Environment and not the Java browser plug-in or Web Start application.

And as noted by Ars Technica:
Until the Web plugin is available from Oracle, however, Mac users may still be vulnerable to attacks based on Java exploits. Users who don't update to Oracle's version and still rely on Apple's deprecated version, could face a similar security vulnerability. The good news is that Oracle offers automated update tools, so applying patches should be a no-brainer for Lion users and beyond from now on.

Oracle releases 4-6 updates for Java per year and plans on releasing a consumer version of Java SE 7, including the Java Runtime Environment (JRE) for OS X later this year. (Read the related press release.)

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

Tuesday, April 24, 2012

Flashback RoundUp: Conflicting Infection Reports, More Zombie Macs, & New Variant Spotted

Phew!

A lot has been going on with the whole Flashback (or “Flashfake”) malware fiasco, so I’ll do my best to sum everything up…

Conflicting Reports on # of Macs Infected with Flashback Malware


For a short period of time, it appeared that things were improving as Symantec had reported that the number of Macs infected with Flashback malware had dropped from 600,000+ to 140,000.

Kaspersky Lab also reported a decrease in the number of infections, stating that only 30,000 Macs were still under the influence of Flashback (aka Flashfake) malware.

However, these numbers didn’t match up with the latest report from Dr. Web, which still reflected an army of zombie Macs that was still over 500,000 machines strong.

Confused? Good, so was the rest of the world, which led some to question whether or not security firms were attempting to scare users into purchasing antivirus software.

So, what’s with the discrepancy?

Apparently, sinkholes set up by Symantec (and other companies) were receiving limited infection counts for Flashback.

Dr. Web reported that a server registered at IP address 74.207.249.7 (and controlled by an unidentified third party) would communicate with the infected Macs but never close the TCP connection. This caused bots to switch to ‘standby’ mode as they waited for a reply from the server, preventing them from communicating with other command and control servers (or sinkholes set up by the various security companies tracking the malware).

That changed the number of infected machines observed by researchers, which ultimately led to contradicting reports.

Researchers at Intego agreed with Dr. Web’s claims and went on to say that there are likely infected Macs that are not being accounted for, and that more Macs may still be getting infected on a daily basis.

Fueling the fire of uncertainty, Intego also reported that some of the specific domains that Flashback malware attempts to contact resolve to 127.0.0.1 (or localhost), keeping the Mac from reaching the command & control servers and knocking the stats even further off-track.

There’s a New Flashback Variant Out There…


As if that weren’t aggravating enough, Intego also reported yesterday that they’d spotted a new variant of Flashback (Flashback.S) that continues to exploit Java vulnerability CVE-2012-0507, which was patched by Apple around two weeks ago.

Intego warns this latest Flashback variant is actively being distributed in the wild (likely via drive-by-downloads) and does not require a password to be installed.

During installation, Flashback.S will place its files in the user’s home folder, at the following locations:

  • ~/Library/LaunchAgents/com.java.update.plist

  • ~/.jupdate


Once the installation is complete, Flashback deletes all of the files and folders in ~/Library/Caches/Java/cache to remove the applet from the infected Mac and avoid detection or sample recovery.
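The two file locations and the emptied Java cache are exactly what a host-side check can look for. The script below is an added example, not code from the original post or from Intego or any antivirus vendor: it inspects a home directory for the Flashback.S artifacts listed above and reports a verdict. Treating an empty `~/Library/Caches/Java/cache` as a weak, corroborating signal is my assumption (an empty cache is also normal on a Mac that never ran an applet), and the `build_demo_home` helper only creates empty placeholder files so the check can be exercised without a real infection.

```python
"""
Check a home directory for the Flashback.S artifacts named in the post:
  ~/Library/LaunchAgents/com.java.update.plist
  ~/.jupdate
and, as a weaker indicator, an emptied ~/Library/Caches/Java/cache.

Added example, not part of the original post or any vendor's tool.
Detection only: removal should be done with Apple's Java update or an
antivirus product, as the post recommends.
"""
import tempfile
from pathlib import Path

# File locations the post gives for Flashback.S, relative to $HOME.
FLASHBACK_S_ARTIFACTS = (
    "Library/LaunchAgents/com.java.update.plist",
    ".jupdate",
)
# Directory the malware empties after installation.
JAVA_CACHE = "Library/Caches/Java/cache"


def check_home(home) -> dict:
    """Return {'strong': [...], 'weak': [...]} listing indicators found under home."""
    home = Path(home)
    strong = [rel for rel in FLASHBACK_S_ARTIFACTS if (home / rel).exists()]
    weak = []
    cache = home / JAVA_CACHE
    # Assumption: an existing but empty Java cache is only corroborating evidence.
    if cache.is_dir() and not any(cache.iterdir()):
        weak.append(f"{JAVA_CACHE} exists but is empty")
    return {"strong": strong, "weak": weak}


def verdict(findings: dict) -> str:
    """Summarise check_home() output as infected / inconclusive / clean."""
    if findings["strong"]:
        return "infected"
    if findings["weak"]:
        return "inconclusive"
    return "clean"


def check_all_users(users_root="/Users") -> dict:
    """Run check_home() for every home directory under users_root (macOS layout)."""
    results = {}
    root = Path(users_root)
    if not root.is_dir():
        return results
    for home in root.iterdir():
        if home.is_dir() and not home.name.startswith("."):
            results[home.name] = check_home(home)
    return results


def build_demo_home() -> str:
    """Create a throwaway home directory containing empty placeholder files
    at the Flashback.S paths (constructed for the demo) and return its path."""
    home = Path(tempfile.mkdtemp(prefix="flashback-demo-"))
    for rel in FLASHBACK_S_ARTIFACTS:
        target = home / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    (home / JAVA_CACHE).mkdir(parents=True, exist_ok=True)
    return str(home)


if __name__ == "__main__":
    # Real run over the machine's users, then a constructed positive case.
    for user, findings in check_all_users().items():
        print(f"{user}: {verdict(findings)} {findings}")
    demo = build_demo_home()
    print(f"demo home {demo}: {verdict(check_home(demo))}")
```

Run it as the user whose home you want to inspect, or with enough privilege to read `/Users/*`. A "strong" hit means the launch agent or dropper file is present and the machine should be treated as compromised regardless of what the weak indicator says.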

Protect Yourself from Flashback Malware


If you haven’t done so already, I strongly recommend that you:

  • Apply all of the security updates issued by Apple to remove common variants of Flashback, patch the Java vulnerabilities exploited by the Flashback malware, and disable Java browser plug-ins if they go unused for an extended period of time (Lion only).

  • Consider disabling Java on your machine or toggle Java browser plug-ins as needed.

  • Install antivirus software on your Mac. Sophos offers a free Mac antivirus solution, so you really don’t have an excuse for not doing it.

  • Keep all software up-to-date and be careful of what files you download or websites you visit. Remember, you don’t have to visit a “shady” site to be infected by malware. Cybercriminals often use compromised sites to deliver malware via drive-by-downloads, including Flashback.


What measures are you taking to protect your Mac?

Thursday, April 19, 2012

Researchers say 140,000 Macs still infected with Flashback malware

Despite all of the media coverage, free "detect & destroy" tools offered by multiple antivirus vendors and Apple releasing system updates to both remove the malware and patch the Java vulnerability that helped it infect over half-a-million Macs, Symantec says that there are still over 140,000 OS X machines infected by Flashback.

“The statistics from our sinkhole are showing declining numbers on a daily basis,” Symantec researchers wrote in a Thursday blog post, “However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case.”

Flashback Botnet Size

Symantec researchers stated that the domain name for the botnet’s command & control server changes on a daily basis, and that it’s not limited to using “.com” as the top-level domain: .in, .info, .kz and .net top-level domains are used as well.

Flashback has not gone without upgrades either. Symantec researchers pointed out that Flashback is capable of using Twitter to retrieve updated C&C locations by searching for specific hashtags generated by Flashback.K’s hashtag algorithm. How’s that for being resourceful?

Mac users that have not bothered updating their system with the latest Java updates from Apple should do so immediately.

As we’ve previously mentioned, Flashback isn’t the only piece of malware looking to exploit Java vulnerabilities in order to infect Macs. The Sabpab Trojan also exploits the Java SE Remote Java Runtime Environment Denial of Service Vulnerability (CVE-2012-0507) in order to infect OS X machines.

Update 4/23 -  There have been conflicting reports of how many Macs remain infected by the Flashback Trojan. Researchers over at Intego have discovered that DNS redirection may be playing a role in the conflicting reports. Check out what they have to say.


Friday, April 13, 2012

New Mac Trojan Exploiting Same [Patched] Java Vulnerability as Flashback

This is a perfect example as to why it’s important that you keep your system patched and up-to-date regardless of what operating system you use.

Symantec has warned that a new Trojan horse, OSX.Sabpab is hoping to follow the digital footsteps of the Flashback malware by exploiting one of the (patched) Java vulnerabilities (CVE-2012-0507) Flashback used to infect over 600,000 Mac computers.

According to Symantec’s security bulletin, once Sabpab Trojan makes its way onto your system, it will create system files to ensure it loads on system start-up and open a backdoor to grant an attacker remote control over the machine to create new processes, download arbitrary files, take desktop screenshots and upload files to a remote server.

To avoid being hit by this latest threat, Mac users should make sure they’ve installed all of the necessary Apple updates to close the targeted Java security hole.

Considering Java vulnerabilities are often exploited to plant malware on vulnerable machines, users should consider toggling Java browser plug-ins as necessary to protect against drive-by-download attacks or disabling/uninstalling Java completely if it’s not needed to eliminate the threat altogether.

Additionally, it may be beneficial for Mac users to install antivirus software to add an extra layer of protection against malware threats. Sophos offers Mac antivirus for free, so why not give it a shot? Other companies like Intego, ESET and Kaspersky also offer Mac antivirus software, so if you prefer a specific vendor, I recommend checking them out.

Stay safe, Mac users!


Apple Releases its Flashback Removal Tool to Mac Users

Make sure you take a moment to update your computer today, Mac users.

Apple has kept its word and released another Java update, this time to remove the most common variants of the Flashback malware.

Aside from that, Apple’s advisory on the Java update for Lion states that it will "configure the Java web plug-in to disable the automatic execution of Java applets" to help thwart future malware attacks. Lion users will be able to re-enable the feature; however, if the Java web plug-in goes unused for an extended period of time, it will automatically be disabled again.

Meanwhile, the details for the Java update for Snow Leopard (OS X 10.6) recommend that the Java plug-in be disabled manually.

It is recommended that all Mac users who have Java installed on their machines apply the “Java for OS X Lion 2012-003” update.


Thursday, April 12, 2012

What’s the Latest on the Flashback Malware Outbreak?

It’s likely that you’ve heard about how the Flashback malware shattered the façade of superior security in Apple products by infecting upwards of 600,000 Mac systems, the majority of which reside in the United States.

Since then, security researchers have been monitoring the size of the Flashback botnet, antivirus vendors have released free tools to help Apple users detect and remove the Flashback malware from their computers and naturally the banter between pro-Windows and pro-Mac users has increased.

However, amidst the scramble of Mac users to determine whether or not their systems had been infected and to take the proper steps to make sure their malware-free Apple products remained just that, there is a bit of good – and interesting – news.

Researchers Report the Flashback Botnet Size Has Decreased


Dr. Web first reported that the Flashback botnet was 550,000 Macs strong on April 4th and Kaspersky Lab confirmed that the botnet had grown to a whopping 650,000+ Macs two days later.

But then... the weekend came and the Flashback botnet lost its mojo.

Kaspersky Lab reported that the number of infected Macs was cut in half, dropping down to 237,000.  Researchers believe that the “sinkholing” operations carried out by numerous security firms contributed to the decline of the botnet’s size by interrupting the communications between the zombie Macs and the malware’s command & control servers. Good job!

Security Vendors say Mac Antivirus Sales Have Increased


Aside from the botnet shrinking, it appears that Mac users took a big interest in antivirus software.

Peter James, a spokesperson for Intego, a French security company that specializes in Mac antivirus software, told Computer World that the company witnessed a substantial increase in both sales and downloads of their Mac antivirus software since the Flashback malware made headlines.

Graham Cluley of Sophos Security also stated that they’d seen an increase in Mac antivirus software downloads. Sophos offers a free antivirus solution, Sophos Anti-Virus for Mac Home Edition to help Apple users protect their systems.

Not too much of a surprise considering the circumstances, but interesting nonetheless considering Macs have always been marketed as malware free products that don't require the installation of an antivirus (/anti-malware) scanner.

Apple is Preparing a Removal Tool


One of the most surprising things about the Flashback outbreak – aside from the number of compromised computers – is the fact that Apple actually spoke out about a security issue before releasing a patch for it.

In the past, Apple has kept a tight lip on any system vulnerabilities until they’ve been investigated and a patch is readily available. Apple claims to do this to help ensure the protection of their users and associated systems, but as the Flashback Trojan has shown, not informing users of potential threats can do more harm than good.

Either way, Apple is currently developing an update that will detect and remove the Flashback Trojan from infected systems. Although the solution will come long after security companies have released their own free tools, it will still be useful, since there are likely users out there who haven’t been following the news and probably have no idea that their systems have been hit.

Update 4/13/12: Apple Releases its Flashback Removal Tool to Mac Users
