Russian researchers have discovered a botnet of more than 600,000 Macs. Yes, Macs — you know, those things that don’t get malware. Apple (NASDAQ:AAPL) is coming under heavy criticism for its slow response to known vulnerabilities and for perpetuating the myth that OS X is malware-free. In IT Blogwatch, bloggers rush to grab the update.
[Update 2: Mac fans defend their favorite platform amid deafening laughter]
By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Almost gliding an Airbus into LAX…
Dan Moren reports in measured tones:
It can now infect your computer from…a visit to a website. … The latest variant…takes advantage of a weakness in Java SE6…CVE-2012-0507, allows the malware to install itself from a malicious website…without needing the user to enter an administrator’s password.
Apple has long been criticized for lagging…when it comes to updating Java for security patches.
[But] there’s no need for widespread panic.
Er, Dave Neal says it is time to PANIC:
[A] botnet…has hijacked an impressive 600,000 infected Macs. … Infected web sites…range from some related to films through streaming television services to something called Gangstasparadise.
[T]here might be four million compromised web pages…and cases of infection when visiting dlink.com.
The anonymous Russian gnomes at Dr. Web measured the botnet:
Attackers began to exploit [these] vulnerabilities to spread malware in February 2012. … The vulnerability has been closed by Apple only on April 3. … Most infected computers reside in the United States (56.6%)…Canada comes second (19.8%)…the third place is taken by the United Kingdom (12.8%)…and Australia with 6.1%…is the fourth.
Mac users [should] download and install a security update released by Apple from support.apple.com/kb/HT5228.
Brian Krebs has strongly-worded criticism of Apple:
Apple stopped bundling Java by default in…Lion, [but] it offers instructions for downloading and installing [it] when users access webpages that use it.
I can’t stress this point strongly enough: If you don’t need Java, remove it from your system. … Apple maintains its own version of Java, and [is] unacceptably far behind Oracle in patching critical flaws. … [Its] lackadaisical…response to patching dangerous security holes perpetuates the harmful myth that Mac users don’t need to be concerned about malware.
And Adrian Sanabria backs him up:
Despite what Apple…would have you believe, Macs are not invulnerable…malware targeting OS X does exist. … [The] operating system isn’t a panacea when it comes to security - only less targeted. Until now.
[If] accurate, such a large infection rate on Macs may change common perception of OS X as “virus-proof.”
Update: Philip Elmer-DeWitt eats, if not crow, then some sort of dark-colored avian fauna:
Having written several times…about the relative security of Apple’s…operating systems…I feel obliged to report that Mac OS X is under…the most serious malware attack to date.
Meanwhile, Mike Magee’s minions mostly mock Macs:
Apple users will be suffering a crisis of faith, as…its faith-based security system failed to prevent [this].
[H]apless Mac users…have mostly been twiddling their thumbs, satisfied with the impenetrable fortress…that Apple’s machines are, for some reason, perceived to be.
Update 2: Dave Schroeder defends against the schadenfreudenistas:
[No] sensible person ever said “Macs don’t get infected.” … It’s just a lot less likely…even accounting for differences in marketshare.
Macs, as a whole, are indeed “more secure”, in that still, to this day, you are far less likely…to become impacted with any malware than with Windows. Maybe someday this will change. … The fact that single instances of Mac malware get so blown out of proportion, still, is ridiculous.
The same advice and best practices for avoiding malware apply to Macs…and Mac users would do well to run current AV software.
You know who’s surprisingly similar? Yasu from Umineko and Serph from Digital Devil Saga.
Both have a true OTP of the series that no one would deny, that’s the other half of them in degrees of varying literalness. Both of them are incestuous with said OTP. Both, nonetheless, are to a lesser degree in love with the rest of their family/tribe. Both deal with intense sexual jealousy from someone in their family/tribe who they also love, but not the same way they love their OTP. Both have a really high bodycount. Both of them deal with their one true love fearing them to be a villain. Both of them have an odd identity, and people find it really easy to project their feelings onto them.
When you consider that Sheffield was involved in a crazy scheme to channel god, I can only conclude that he is actually Yasu’s grandchild, who unfortunately inherited the worst parts of Kraus and Kinzo.
…is apparently destroyed by tumblr erasing my post, wtf.
Okay, I have no clue what I’m doing, but here’s my tumblr! Stuff may or may not be posted, but at least the layout is cheerful.