New Flashback Trojan Variant Found

By | Apr 30, 2012

Mac users had a rude awakening with the recent Flashback Trojan epidemic, the biggest incident for OS X to date. Though Apple released patches, removal tools, and instructions over the past week, the decline in infected systems isn't what Symantec expected. Now that Macs have gained market share, and will probably only continue to do so, more incidents are likely to come. Now, as a senior IT professional, you ideally already had anti-malware and firewalls in place. However, if your measures weren't enough, or if you have employee-owned Macs in the workplace, you might be dealing with the fallout.

Macs Are No Longer Safe

In general, Mac users have had the safety of being a low-priority target and therefore, not much a target at all. This has been due to low market share, but Macs have become more popular. Presumably, high iPad and iPhone adoption rates have turned more attention toward Apple's other products, including the Mac. At any rate, it's obvious now that cyber criminals have deemed OS X a worthy target.

The Flashback Trojan issue hasn't subsided very quickly, as there are still apparently 140,000 infected systems, according to TechRepublic. The Trojan was originally distributed by tricking users into downloading a "Flash plugin." Considering that some 600,000 units were affected, your end users are just as callous as ever. And it doesn't stop there. A new variant of Flashback was discovered by Intego, one that does not even ask for a password; it exploits a Java vulnerability that only requires you to visit the wrong Web site, according to ZDNet.

Mac Users Can't Dawdle

This is only further reinforcement that, if you have any, your midsize business's Mac users can't dawdle. Java patches are critical, but beyond that, perhaps evaluating your security solutions to make systems "foolproof" or as close to it as you can is necessary--especially now that Macs are a growing target. If you had any such lackadaisical attitude toward Macs in the workplace, now is the time to ditch it.

This is also a reminder that while the "bring your own device" (BYOD) movement is tablet and smartphone centric, that's not what it's all about. Employee-owned laptops clearly need managing as well, and your solutions need to reflect that if your midsize businesses infrastructure is to succeed. In fact, high workplace adoption rates of smartphones and tablets may only serve to drive the desire for personal laptops in the workplace as well. Your needs may not be that of a larger business, but the burden of security remains. Luckily, as a midsize business IT professional, you have the, albeit negligible, benefit of dealing with fewer devices in all.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...