Flashback illustrates that Macs are not impervious to viruses
Wednesday, May 23, 2012

In the past month, the Flashback virus infected nearly 700 Macs that connected to the University of Iowa network. In a two-week period, Information Technology Services (ITS) saw an 81 percent increase in walk-in traffic to the Help Desk. Call volume shot up 19 percent, and e-mail requests for assistance surged 9 percent.

“The reaction of most people with compromised machines was just plain shock,” says Jody Thorson, a software consultant with the Help Desk. “They’d say, ‘I have a Mac, I thought Macs didn’t get viruses.’ I guess the bright side of this situation is that people were brought to reality that Macs aren’t virus-free. Now they’re aware that there is vulnerability, and they will do more to protect their machines.”

The majority of infected computers were student or self-managed (personal) machines with no anti-virus software. Campus Mac administrators ensure that campus machines are regularly updated, patched, and equipped with anti-virus software, but average users aren’t always as careful.

"Until a month ago, most Apple users didn't think they were vulnerable," says Warren Staal, a senior analyst with ITS' Information Security and Policy Office. "The reality is that Mac computers, just like Windows-based operating systems, are susceptible to malware attacks from cyber-criminals."

The Flashback malware exploited a known Java vulnerability on the Mac operating system, allowing the malware to steal passwords and other data. When the campus network monitoring system detected an infected computer, it would signal an alert so the machine could be blocked from connecting to the Internet, whether through a campus network port, UI wireless, or a ResNet connection. Users were told to contact the Help Desk, which assisted them in updating or reformatting their computers.

Backing up documents, photos, and music, restoring the machines, and changing passwords were, of course, an inconvenience for affected Mac users. But generally, Help Desk staffers said people were grateful to be alerted to the password-poaching virus—which they wouldn’t have realized they had.

UI technologists used the opportunity as a teaching moment to promote security precautions such as installing anti-virus software, using firewalls, backing up data, and setting and resetting hard-to-crack passphrases. They also advise users to keep patches for their operating system and applications up to date. (Symantec anti-virus software is available free on the ITS Software Central website to UI students, faculty, and staff affiliated with academics. UI Hospitals and Clinics staff can find free anti-virus offerings from Microsoft, Avast, AVG, and others online.)

The message is important, they say, especially as Mac usage continues to grow globally and at the UI. In the last year, the total number of UI-managed computers grew 2 percent, but the percentage of Macs in that category grew by 21 percent. Apple reported sales of $6 million for OS X “Lion” in the four-month period after its release last July.

The Information Security and Policy Office has seen Apple’s OS X systems compromised in the past, but as Macs have become more popular for users, they’ve also become a more popular target for attackers.

“Criminals develop malware to infect computers and sell the stolen data,” Staal says. “As Macs gain a larger chunk of the market share, bad guys have more incentive to develop Mac malware. There is risk each time we use technology, and a misfortune like Flashback is a wake-up call. We hope people will think of this before they ignore the reminders to update operating systems and applications.”

Security tips and resources

The best defense is a great offense when it comes to protecting your computer and information. This is true for all computers—Macs, Windows, or Linux-based systems. Layer your defenses so that when one technology fails there is another obstacle blocking the escalation of an attack.

  • Install operating system updates as soon as you know they are available.
  • Install an anti-virus program. Set it to update and scan your computer regularly.
  • Back up your data.
  • Turn on and use the firewall that comes with your standard operating system.
  • If your computer is infected, reset all known passwords you may have used on that machine. The vast majority of malware infecting systems steals login and password information.
  • Keep patches up to date on everything you can (not just the OS).
  • Disable unneeded plugins.
