By James DeRuvo (doddleNEWS)
Well, it was fun while it lasted. Sure, Apple users have long been safe from the myriad of exploits and malware that have plagued Windows users, but that has largely been due to being able to fly under the radar thanks to a low market share. But that has changed in the last year thanks to rising sales and hackers widening their net to include OS X. Mostly, this is accomplished with third-party exploits like this new one, which exploits a hole in Apple’s Java client. But Mac users aren’t alone; it’s striking Windows and Linux users as well.
The Java exploit, known as “Backdoor:OSX/GetShell.A”, was discovered by the virus research company F-Secure, which states that it relies primarily on social networking to get users to run a Java Archive file. Originating in Colombia, the exploit is not considered a major threat to any platform, but it does infect across all platforms, including Mac OS X, and that’s what makes it unique and noteworthy.
And here’s what’s clever about it. The Java code determines what platform the user is running on and then, if it determines the platform to be OS X, the malware remotely connects to an IP address through port 8080 to obtain additional code to execute the malware.
“Once it has found out which operating system you are running, the Java class file will download the appropriate flavor of malware, with the intention of opening a backdoor that will give hackers remote access to your computer,” explained Graham Cluley, senior technology consultant with Sophos.
But it does underscore that Macs are no longer the completely safe platforms they once were. This exploit joins two others – all based on Java – which have been able to co-opt more than a half million Macs. In 2010, a Trojan known as “trojan.osx.boonana.a” hit both Macs and PCs. And last year, a trojan horse named “Flashback” struck over 600,000 Macs in the US, prompting Apple to work overtime and release a series of software updates to address it.
But Intel OS X users need not lose sleep over this current exploit. In fact, this back door exploit originated as a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed in order to be infected. Not likely.
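To make the PowerPC point concrete, here is an added example (not from the original article or from F-Secure) of how a defender could triage a suspicious file by its header: it tells a Java class file from a Mach-O binary, both of which can start with the bytes `CAFEBABE`, and reports whether a Mach-O contains only PowerPC code. The magic numbers and CPU type values are those of the Mach-O header format; the 30-slice cut-off and the sample headers are constructed for illustration.

```python
import struct

ABI64 = 0x01000000                      # CPU_ARCH_ABI64 flag in cputype
CPU_NAMES = {7: "x86", 7 | ABI64: "x86_64", 18: "ppc", 18 | ABI64: "ppc64"}
# Thin Mach-O magics, read big-endian, mapped to the byte order of the header.
THIN = {0xFEEDFACE: ">", 0xCEFAEDFE: "<", 0xFEEDFACF: ">", 0xCFFAEDFE: "<"}
FAT_MAGIC = 0xCAFEBABE                  # also the Java class-file magic
MAX_SLICES = 30                         # assumed cut-off; Java major versions start at 45

def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "cpu%d" % cputype)

def classify(data):
    """Return (kind, [architectures]) from the first bytes of a file."""
    if len(data) < 8:
        return ("unknown", [])
    magic, = struct.unpack(">I", data[:4])
    if magic in THIN:
        cputype, = struct.unpack(THIN[magic] + "I", data[4:8])
        return ("mach-o", [cpu_name(cputype)])
    if magic == FAT_MAGIC:
        count, = struct.unpack(">I", data[4:8])   # nfat_arch, or Java minor/major
        if count >= 45:
            return ("java-class", [])
        if 1 <= count <= MAX_SLICES and len(data) >= 8 + 20 * count:
            archs = [cpu_name(struct.unpack(">I", data[8 + 20 * i:12 + 20 * i])[0])
                     for i in range(count)]
            return ("mach-o-fat", archs)
    return ("unknown", [])

def powerpc_only(data):
    """True when every slice is PowerPC, so an Intel Mac could run it only via Rosetta."""
    kind, archs = classify(data)
    return kind.startswith("mach-o") and all(a.startswith("ppc") for a in archs)

# Constructed sample headers (not taken from any real file).
PPC_THIN = struct.pack(">7I", 0xFEEDFACE, 18, 0, 2, 0, 0, 0)
X64_THIN = struct.pack("<8I", 0xFEEDFACF, 7 | ABI64, 3, 2, 0, 0, 0, 0)
FAT_BOTH = (struct.pack(">2I", FAT_MAGIC, 2) + struct.pack(">5I", 18, 0, 4096, 0, 12)
            + struct.pack(">5I", 7, 3, 8192, 0, 12))
JAVA_CLASS = struct.pack(">IHH", FAT_MAGIC, 0, 50)   # class-file version 50.0

if __name__ == "__main__":
    for name in ("PPC_THIN", "X64_THIN", "FAT_BOTH", "JAVA_CLASS"):
        print(name, classify(globals()[name]), powerpc_only(globals()[name]))
```

A file for which `powerpc_only` returns true cannot run natively on an Intel Mac, which is why the absence of Rosetta blocks this particular backdoor.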
But it’s important to keep in mind that Macs are no longer the niche platform they once were. Hackers are now including them in their exploits and the number of trojans that will target the Mac platform will continue to grow moving forward. So it’s important to be sure that your OS is patched and updated, and maybe, just maybe it’s time to consider getting a Mac-based antivirus utility like ESET’s Cyber Security for the Mac. Meanwhile, there are things you can do to keep your platform trojan safe:
1. Don’t open email attachments, even if they’re from someone you know. If you do get something from someone you know, make sure that they really sent it to you.
2. Don’t click links in email. That link could lead you to a phishing site, or the link may lead you to install malicious software. Copy and paste links into your browser, or type them in by hand instead. Another reason to disable HTML email – the HTML hides the real destination of that seemingly innocuous link.
3. Don’t download files from places you aren’t absolutely sure are safe. Stick with the well-known sites. Teenagers who use filesharing software like BitTorrent, Azureus, etc., often unwittingly download spyware and trojans. Also don’t click on links that strangers send you in social networking sites. Don’t accept links to update Flash (they have been known to pop up when you visit some websites). Go directly to Adobe and let it determine if you need a new version of Flash. (Steve Jobs was right)
4. Update your OS regularly! Turn on automatic updates in OS X and Windows. Apply all critical updates immediately. Criminals often create hacks within 24 hours of an OS being patched (these are called zero day exploits), so you need to protect yourself the day the patches appear.
5. Use a firewall. The best firewall is a hardware router – the kind you use to share an internet connection. Even if they’re not billed as firewalls, they are, and they’re quite effective.