Flashback Mac Trojan Sputters and Stalls

A week after the Flashback Trojan began running rampant on Macintosh computers, the malware appears to be in remission.

The number of infections from the Trojan has plummeted to around 270,000, from a high of more than 600,000, according to the latest numbers from Symantec.

“Many of the domain names that were in charge of the botnets have been taken over, so the chances of the attackers building their botnets again from those machines is pretty slim,” Symantec Researcher Liam O Murchu explained to TechNewsWorld.

New Variants

Mac owners still need to remain alert, cautioned Dave Marcus, director of advanced research and threat intelligence for McAfee Labs.

“I think you will see new variants hit the wild in the next couple of weeks,” he told TechNewsWorld. “How successful they will be will be spotty, though.”

A new Trojan that exploits the same vulnerability used by Flashback has already been spotted by F-Secure. “This one is called ‘Sabpab,’” the company’s Chief Research Officer Mikko Hypponen told TechNewsWorld. “It drops a full-blown remote-access Trojan on the infected systems.”

Mac owners can expect to start seeing many of the naughties that PC owners have had to put up with for years, maintained Ivan Macalintal, a researcher at Trend Micro.

“You’ll see more of these things in Macs in the future,” he told TechNewsWorld. “They’re on the radar of cybercriminals right now.”

No Permissions Needed to Steal Data

Concern has been raised in recent weeks over Android apps abusing their access to data on devices on which they’re installed. For example, they may use a permission to access GPS data to grab that data, then ship it to a marketer without informing the owner of the phone.

Those concerns tickled the curiosity of the Leviathan Group‘s Paul Brodeur, and he wondered just how much information an Android app could access without any permissions at all.

What Brodeur found was that a permissionless app has read-only access to everything on a phone’s SD card, such as photos, backups and external configuration files. On his card, there were even some open VPN certificates.

He could also fetch a file that listed all the apps installed on his phone. “This feature could be used to find apps with weak-permission vulnerabilities,” he wrote in a company blog.

Device identity information could also be eyed, he noted, such as the Android ID, a 64-bit number randomly generated when a device is first booted that remains constant thereafter.

While network access for a permissionless app would be restricted, Brodeur discovered a way for the app to exfiltrate information it gathers from the phone by exploiting a browser call that can be accessed without any special permissions.

“I found that the app is able to launch the browser even after it has lost focus, allowing for transmission of large amounts of data by creating successive browser calls,” he explained.

Risky Behavior

Web surfers see running a computer without security software as riskier than leaving a car or home unlocked, according to the results of a survey released last week by Webroot, a provider of cloud security services.

The poll was designed to gauge the perceptions of Internet users about online risks compared to offline risks. Among the findings in the survey of more than 1,600 Internet users 18 years old and older:

  • Sharing a password is nearly as risky (85 percent) as driving without a seatbelt (87 percent) or driving without automobile insurance (88 percent).
  • Making a credit card purchase from an unknown website is riskier (75 percent) than sharing personal information over the phone (65 percent).
  • Adults feel more threatened opening an email attachment from an unknown person (81 percent) than arranging an in-person meeting with someone they’ve met online (72 percent).

Breach Diary

  • April 12: Housatonic Community College in Connecticut reported a data breach that may have compromised personal information of 87,000 members of the school’s community. Files suspected to be breached contain names, addresses, dates of birth and Social Security numbers for faculty members, students and staff who had spent time at the school since the early 1990s.
  • April 12: Case Western Reserve University, in Cleveland, notified 600 alumni that their Social Security numbers could be in a thief’s possession after two laptop computers were stolen from the school’s campus in February.
  • April 13: Desmond Hotel in Albany, N.Y., notified customers that a data breach had compromised credit and debit card records of guests between May 21, 2011, and March 10, 2012.
  • April 13: Global Payments, the victim of a data breach that compromised 1.5 million credit card records, was named in a class action lawsuit filed by Natalie Willingham, of Georgia, for failing to adequately protect her data.
  • April 13: Utah residents were cautioned that they may be targets of scams following a data breach last week that compromised the Medicaid records of some 700,000 citizens of the state.


John Mello is a freelance technology writer and former special correspondent for Government Security News.
