April 30, 2012
Most people aren’t running anti-malware (more commonly called anti-virus) software on their Macs, and Apple doesn’t build it in to Mac OS X. Macs have started to become targets, however, for malware. It hasn’t been a serious problem until recently, when it was discovered that at least 600,000 Macs were infected with malware called Flashback. And there’s a new one now out there called SabPub.
How do I get infected by a virus or malware?
The most common way people get infected, on both Macs and PC’s, is by opening an email attachment which secretly contains the malware. Sometimes these are obvious, like fake notices from UPS saying you have a package waiting and you need to open the attachment for information. Sometimes they’re more subtle, such as appearing to be from someone you know. Even some Microsoft Word documents can potentially infect your computer.
Visiting certain websites can also infect your computer. Even sites that should be ok might contain an attack, possibly unknown to the site owner.
What does malware do?
Flashback (the Mac malware du jour) exploits a security hole in Java. What does that mean exactly?
Java is a programming language that your Mac uses to run various under-the-hood things. Some clever hacker figured out that a specific program, written in Java, allows him to take control of your computer. The people who created Java didn’t mean for this to happen; it’s a bug.
So if your Mac is infected, then the hacker, somewhere out there on the internet, could send it instructions to do–well, lots of things. For example if 600,000 Macs are infected by Flashback, that means somebody could tell all 600,000 Macs to go to the same company’s website at the exact same time, forcing that website to crash and thus affecting that company’s online business. Or somebody could reach into your computer and take your information, including passwords and documents.
What should I do?
The way to avoid Flashback (or to get rid of it if you have it) is to update Java on your machine. The newest version of Java won’t let that specific Flashback program run (or ones like it). So it seals the hole, it fixes the bug.
Running the current Java update won’t protect you forever though. Another smart hacker will probably find yet another way to get into your Mac. So you should continue to be careful about opening attachments in emails, and about visiting websites that don’t sound kosher. And you should also continue to keep your computer system and software up to date, by running Software Update in the Apple menu.
Image is by Dave_B_ from Flickr Creative Commons.