The latest report of Mac malware come to us from Sophos Security. The malware in question is called NetWeird and it’s definitely interesting. As Sophos points out, the virus is poorly written and really has next to no chance of infecting you. Funny enough, hackers are selling this new virus on the black market for $60.

What does this poor excuse of Mac malware do? It installs itself into the Mac home directory, but it can’t even get that right. The best kind of viruses install themselves as an application so that it’s always running whenever you reboot your Mac. This particular virus installs itself as a folder thus making it pretty much useless.

The team at Sophos also reports that the malware reports back to a server in the Netherlands. If it does infect your Mac, it will be able to run programs and send information all from this remote server. The worst it can do it is send password files from third-party browsers to the host server. Any would be criminal who bought this piece of trash for $60 should be asking for their money back.

Even better, Mountain Lion’s default security settings prevent this particular piece of malware from even being installed. The latest version of Mac OS X will prevent any software not from the app store or a verified developer from being installed.

Although NetWeird is a poor excuse of a virus, it should be taken as a sign. Hackers are turning their attention towards Mac owners. It won’t be long before a much better coder will make some form of malware that will be able to bypass all the security on Mountain Lion and do more damage than previously thought.

It’s always good to remember the basics of dealing with computer security. One should only download apps from trusted sources. Never install anything that sounds too good to be true, because it likely is. Finally, just use some common sense when dealing with potentially suspicious files.

After releasing an update to patch the hole and prevent new infections, Apple eventually released their own Flashback removal tool, but not before 600,000 Macs were infected. The incident served as a wake-up call to many Apple fans. It also, it seems, served as a wake-up call to Apple themselves. For years Apple used a supposed invulnerability to PC viruses as a major marketing tool for Macs. Case in point, one of the famous “Get a Mac” ads from a few years ago:

Now, though, Apple has quietly removed any reference to the Mac’s supposed invulnerability to malware. Though they continue to tout OS X’s inherent security, the description of its security features on Apple’s website is much more cautious. They even include a few security tips:

Interestingly, they say nothing about the one security rule that PC users take for granted: anti-virus software. While it’s true that Mac users find it easier to get by without anti-virus software than PC users, the Flashback incident proves that just trusting in your Mac’s inherent security isn’t enough. While it’s good to see Apple moving in the right direction, they still have a ways to go.

Late yesterday Apple pushed out updates to OS X Leopard that included several Flashback-related security fixes. First and foremost, the update includes Apple’s Flashback removal tool, which “removes the most common variants of the Flashback malware.” Second, an update to Safari turns off the browser’s Java plugin, thus closing the vulnerability that was allowing Flashback to install on users’ computers. Of course, for Leopard users who feel like living on the edge, there are instructions for turning it back on. Finally, the update now disables outdated versions of Adobe Flash Player, pointing users to Adobe’s website so they can download the most up-to-date (i.e., most secure) version of Flash Player.

Now, if you’re a Leopard user who hasn’t gotten these updates yet, go ahead and fire up Software Update and get them. But you probably shouldn’t get too used to having Apple throw updates your way. With Moutain Lion coming soon, Leopard is about to be three full generations behind, which means that Apple isn’t likely to pay it much attention unless there’s another major malware outbreak.

The result of the Flashback threat has been to draw increased attention to the security situation of Mac computers. One recent study found that as many as 20% of Macs are carriers for Window-targeted malware, while security firm Kapersky Labs recently claimed that Apple was a decade behind Microsoft in terms of security.

The situation apparently got Apple’s attention, as well. According to Computing, Apple has asked Kapersky to analyze the security of OS X and make recommendations to improve it. Nikolai Grebennikov, Kapersky’s CTO, said that OS X is “really vulnerable,” and that Apple “doesn’t pay enough attention to security,” noting that the Java vulnerability that allowed Flashback to infect Macs had been patched by Oracle months before the outbreak, and Apple hadn’t bothered to release an update for OS X.

For the moment, Kapersky will only be working on OS X, though Grebennikov foresees similar security issues with iOS in the next year or so, unless Apple takes further steps to secure the platform.

Still, Flashback is not quite dead yet – it’s only mostly dead. Boris Sharov, head of Dr. Web, the Russian security firm that originally discovered the Flashback malware back in April, told Forbes that “[i]t’s going very slowly, and there’s still a ways to go.” Nevertheless, he said, new infection rates are almost nonexistent and the number of infected computers – still around 460,000 – is dwindling by about 100,000 per week. At that rate, Sharov said, “I think in a month it will be over.”

Sharov said that the process of cleaning up infected computers is going far more slowly that it would have if Flashback had been infecting Windows-based computers, rather than Macs. Sharov blames Mac users’ tendency to view their computers as immune to threats posed by malware. Unfortunately, Apple itself has tended to encourage that view over the years. For example, the Mac’s supposed immunity to viruses was the subject of one of their famous “I’m a Mac” commercials back in 2007:

It is true that Macs have had far fewer problems with viruses and malware over the years, and it is true that the underlying structure of OS X is somewhat more secure than Windows. Nevertheless, part of the Mac’s supposed immunity is a factor of its smaller market share: there are far more Windows computer than Macs, and creating malware for Macs has been far less cost-effective than creating it for PCs.

The Flashback malware has had a huge impact on the Mac security landscape. For one, Flashback is one of the first Mac-targeted malware programs that doesn’t require user interaction to download and install. It gets in through a (now patched) flaw in Java that allows it to install on a user’s computer if they so much as visit an infected website. Additionally, Flashback appears to have been quite profitable. As we reported yesterday, at its height Flashback was netting its creators around $10,000 per day.

If other malware creators learn to duplicate Flashback’s success, it’s a safe bet that the era of the virus-free Mac is drawing to a close. While viruses may never be the kind of problem on Macs that they are on PCs, Mac users can’t afford to ignore malware completely anymore.

The Flashback malware took advantage of an unpatched vulnerability in Java to install on users’ Macs if they visited an infected website. Unlike most Mac-targeted malware, it required no interaction of any kind by the user, making it especially dangerous. Apple quickly released an update to Java that patched the exploit, then released another update that would remove Flashback from infected machines.

In all the hubbub over Flashback, though, it was never quite clear what Flashback did, what its purpose was. While some people write malware just for the fun of it, there is usually some deeper (i.e., monetary) purpose behind it. Well, according to a recent report by Symantec, Flashback is no different. When a user visited an infected website, the Flashback malware was installed, and then downloaded an ad-clicking component. Here’s how Symantec explains it:

The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click . (Google never receives the intended ad click.)

The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server in the following form:

http://[FLASHBACK_DOMAIN]/search?q=[QUERY]&ua=[USER AGENT]&al=[LANG]&cv=[VERSION]

Flashback uses a specially crafted user agent in these requests, which is actually the clients universally unique identifier (UUID) encoded in base64. This is already sent in the “ua” query string parameter, so it is likely that this is an effort to thwart “unknown” parties from investigating the URL with unrecognised user-agents.

Upon further investigation, Symantec found that each individual click recorded was worth about $0.008 to whoever created Flashback. Given the rate of infection, they estimate that the malware made its creators as much as $10,000 per day, while costing Google a similar amount of money in lost revenues.

Unfortunately, creating malware is an extremely profitable business. Though Mac users have been largely immune to malware concerns in the past, the Flashback incident proves that they are not as safe as they might think. What’s more, even when a Mac is free of Mac-targeted malware (which is still relatively rare), as many as 20% of Macs are carriers for Windows-targeted malware. The moral of the story, then, is that if you don’t want your Mac infected and you don’t want your Mac to infect your friends’ Windows-based computers, then it’s probably time to bite the bullet and install some anti-virus software.

Eugene (Yevgeny) Kaspersky, co-founder and CEO of the Russian headquartered lab, had pointed out at the Infosecurity Europe 2012 conference – “I think (Apple) are ten years behind Microsoft in terms of security – For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.”

Not to say that Apple hasn’t done a good job in containing the Flashback malware, which exploited an opening in Java to infect computers that merely visited an infected website. Below is a graph documenting the containment effort, courtesy of Kaspersky competitor Symantec:

Kaspersky adds, “Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on.” With hackers able to build upon the successes of a larger pool of mac-based malware tips and tricks, Kaspersky points out that Apple will be forced to invest more in seeking out vulnerabilities and expanding a more secure cycle of updates.

Kaspersky Lab is currently the third largest vendor of IT security-based software in the world, and the company stands as one of the few international firms coming out of Russia not dealing with natural resources or energy – and there is been no mention of any rapping billionaires who’ve made their fortunes in precious metals surrounding the firm.

Macs have long been thought to be virtually immune to malware. That, however, has proven untrue. The fact is that although the underlying structure of the Mac OS is somewhat more secure than that of Windows, the main thing that has been protecting Mac users for all these years is the Mac’s far lower market share. Since the vast majority of personal computers are Windows-based, malware creators see little need to focus their attention on Macs. Flashback has proven, however, that Macs are much more vulnerable than Mac users had previously thought.

Now, a recent report has shown that far more Macs are infected with malware than previously thought. Sophos Security, makers of free anti-virus software for Macs, has released a report showing that 20% of Macs are carrying around malware. Now, although that number seems awfully high, there is a bright side: the malware those Macs are infected with is actually designed for Windows computers. That’s good news for Mac users, as the malware isn’t likely to actually harm their computers. The bad news, however, is that if you’re a Mac user whose computer is infected with Windows malware, you’re a carrier. Unless your computer only interacts with other Macs, then you run the risk of infecting Windows computers with malware from your Mac.

When it comes to malware that’s actually targeted at Macs, the picture is a little less grim. Sophos’s data shows that only 1 in 36 Macs is infected with Malware actually designed for Macs (like Flashback). Unfortunately, though, the odds are pretty good that that number will go up in the not-too-distant future. As Sophos points out, Macs make a “soft target” for hackers, because the majority of Mac users don’t have anti-malware software installed on their machines. After all, it’s a Mac, right? Sadly, the days when Mac users could hide behind their computer’s brand name appear to coming to an end.

Fortunately for Mac users, though, there is a decent selection of free antivirus software available for Macs. In addition to Sophos’s own software, there is ClamXav, which has been around since long before most Mac users thought they needed anti-virus software, as well as PC Tools iAntivirus. There are also paid options offered by the “big names” in computer security – McAfee and Norton.

Mac users, do you use anti-virus software on your Mac? If not, do you plan to install it anytime soon? Let us know in the comments.

That data comes from a recent blog post by Symantec, which notes that the numbers are continuing to decline. They project that within just a few days, the infection rate will be below 99,000.

The Flashback malware was originally discovered at the beginning of this month. At 600,000 infections, Flashback was the most widespread malware to hit Macs yet. While ordinary malware aimed at Macs requires user interaction before it can be installed on a computer, this variant took advantage of an exploit in Java that allowed it to install itself if the user so much as visited an infected website. After an initial Java update from Apple patched the exploit, several free software tools popped up to help users detect and remove the malware. Last week, Apple released another Java update that would remove Flashback from infected machines.

According to Symantec’s data, it looks like these measures have been quite effective. The vast majority of infected Macs are clean. Moreover, as more and more people download the Java update (or use one of the removal tools), the number of infected machines will likely only continue to drop.

Today, Apple rolled out a new update to Java that should remove “the most common variants” of Flashback. It also prevents Java applets from running automatically, though users have the option of re-enabling this feature manually if they so choose.

You can find more information on Apple’s description of the update here. The update can be downloaded from Software Update on your Mac.

This is actually the third Java update Apple has released since this Flashback variant was discovered early last week. While malware targeted at Macs has historically required direct user interaction to install (usually masquerading as something legitimate to trick the user into giving it access), this Flashback variant is different. It exploits a flaw in Java to install itself on users’ Macs if they so much as visit an infected website. Shortly after it was discovered, Apple released a Java update that patched the Java exploit, followed just a couple days later by a second Java update.

In addition to a walkthrough that allowed users to find and remove the malware using Terminal, several free tools were released earlier this week that allowed users to find and remove it a little more easily. On Tuesday, Apple announced that they were developing their own tool to detect and delete the malware. It was unclear at the time what form that tool would take. Apparently it took the form of a third Java update.

When Flashback malware was first discovered, it was estimated that upwards of 600,000 Macs around the world were infected, most in the U.S. and Canada, with significant numbers in the U.K., Australia, and elsewhere, as well. It is unclear how many device remain infected now that the malware is widely known and tools exist to remove it.

Apple’s Mac operating system has long had a reputation for being virtually immune to the viruses that plague users of Windows-based PCs. As the Flashback malware has proven, however, Macs are hardly immune. Flashback has been the most widespread malware infection to hit Macs yet. Some might be inclined to treat Flashback as a harbinger of some torrent of Mac-targeted malware. While that is certainly an exaggeration, Flashback does serve as a reminder to Mac users that they are not immune to such problems, and should exercise the same kind of vigilance and caution that Windows users (usually) take for granted.

At any rate, if you have Java installed on your Mac, open up Software Update and download the new version as soon as you can.