Friday, April 3, 2015

"Doctor Web" promises to make the Mac invulnerable to viruses

Three years ago, at the beginning of April 2012, "Doctor Web" reported the discovery of a botnet consisting of hundreds of thousands of Mac computers infected with the BackDoor.Flashback Trojan. To mark this date, the antivirus company has launched the project "Threats for Mac", dedicated to malware for OS X and the tools to combat it.

The botnet was the largest for Apple computers and is still active. Since then, the company said, many other malicious programs targeting OS X have been identified, investigated and described.
Because OS X does not allow any executable to run without the user's knowledge, the human factor plays an important role in security incidents, and attackers know this well. The "Doctor Web" project is intended to draw attention to the rules for preventing threats to the Mac.
The materials also give a detailed explanation of such a "loophole" for Trojans as vulnerabilities in software installed on the Mac (in the past, a vulnerability of this kind played a role in the wide spread of BackDoor.Flashback). The recommendations will help users avoid the annoying trouble caused by other people's mistakes.

How do Trojans penetrate a computer?

Method 1: applications with malicious code
Apple positions OS X as the operating system most resistant to malware infection. The inability to launch any executable code without the user's knowledge would seem to minimize the human factor that contributes to computer infection. Unfortunately, Mac users download applications not only from the official App Store catalog. Programs and videos for Macs are often offered by questionable download resources, where, of course, no one checks applications for malicious code. This is what virus writers take advantage of.
Users may download malicious content to the Mac themselves, often together with a film and the Flash Player update offered with it, or with a cracked copy of an expensive program that they do not want to pay the developer for.
In this case, the user activates the malicious program by carelessly clicking the button that starts the installation of the Trojan.
If the computer is used by a novice (a child or an elderly person), the chances of infection increase.
Method 2: vulnerabilities
Trojans are also distributed through vulnerabilities (or exploits). A vulnerability is an error in code, a kind of hatch through which malware can get onto a Mac without the user's knowledge.
It was a vulnerability that played the major role in the first large-scale epidemic for Mac OS X, which was caused by the BackDoor.Flashback.39 Trojan.
  • Starting in February 2012, attackers used two vulnerabilities in the Java virtual machine at once to spread BackDoor.Flashback.39, and after 16 March they began to use another exploit.
  • March 2012: Oracle released an update to the Java virtual machine containing fixes for the vulnerabilities that BackDoor.Flashback.39 exploits.
  • April 2012: Apple released an update to its own implementation of the Java machine, closing the vulnerability exploited by BackDoor.Flashback.39.
Around the world, about 650,000 Macs were infected with BackDoor.Flashback. More than 4 million websites spread the Trojan.
Malicious websites were actively used to spread BackDoor.Flashback. At the end of March, Google search results contained more than 4 million infected web resources.

How to protect a Mac from infection: the "Doctor Web" version

  • Download programs only from the software publisher or from the official catalog of applications for OS X.
  • For real-time protection, use an antivirus that includes a resident monitor (e.g., in Dr.Web Anti-virus for Mac OS X this component is called SpIDer Guard).
  • Protect your Mac from malware on websites with a web antivirus (e.g., Dr.Web SpIDer Gate, which provides a full scan of HTTP traffic and controls access to Internet resources by subject category).