The Flashback Trojan has compromised an estimated 600,000 plus Macs, making it comparable to the massive Conficker worm botnet.

An estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan. To put the size of the threat in some perspective, the Flashback Trojan botnet is even bigger than the massive Conficker botnet…relatively speaking.

The Conficker botnet compromised an estimated seven million plus Windows PCs around the world at its peak. Seven million is obviously much larger than 600,000, but Windows also has a significantly higher number of PCs in use around the world.

According to current data from Net Applications, Mac OS X is the number two desktop OS with 6.54 percent market share. Windows, on the other hand, accounts for 92.48 percent of the market. Based on market share, the Flashback Trojan botnet is equivalent to a Windows botnet of nearly 8.5 million PCs. That makes it an even larger threat than Conficker–just on a much smaller platform.

The Flashback Trojan is actually a misnomer at this point. It was a Trojan horse when it was originally discovered last year. A Trojan horse–as the historical reference implies–is malware that is disguised as something benign. The original threat masqueraded as an update for Adobe Flash that compromised machines when executed. The current version, however, is more of a drive-by download threat. It doesn’t require any user interaction or passwords. If a user visits a malicious or compromised website, the Flashback malware runs automatically and vulnerable systems are infected.

A malware attack such as this has even greater odds of success on Mac OS X than it does on a Windows system. The Mac OS X system itself is not less secure or more prone to infection than Windows per se, but the Mac culture is conditioned to believe the OS is virtually invulnerable.
Fewer users have any security software installed to protect their Mac OS X systems, and Mac OS X users are more likely to click links and open files without thinking twice. It doesn’t help anything that Apple perpetuates the myth of invulnerability. It takes time to develop a patch, but as soon as Apple was aware that the threat existed, it should have proactively communicated to Mac OS X users to make them aware. In fact, it should have provided users with instructions to disable Java and mitigate the threat pending a patch to resolve the issue. The fact that it didn’t is probably a contributing factor to why the Flashback botnet is as large as it is.

Apple isn’t to blame for the threat. The vulnerability is in Java, not Mac OS X. But Apple needs to understand that with the success of Mac OS X comes increased attention from malware developers, and malware attacks often go for third-party low-hanging fruit like Adobe Flash or Java.

Apple needs to be more proactive, and more honest with users about security concerns, if it wants to contain future threats and prevent massive outbreaks such as this.