Richi Jennings

Yes, Mac malware is real: Even Apple hacked

February 20, 2013 6:12 AM EST

Fanbois flabbergasted.

iphonedevsdk.com mac malware java

Apple (NASDAQ:AAPL) confesses to being infected by malware. It seems to be the same problem that recently befell Facebook and Twitter. The infection vector: popular developer forum, iPhoneDevSDK.com.

In IT Blogwatch, bloggers resurrect a repetitive debate: Is Mac OS virus-proof?

Your humble blogwatcher curated these bloggy bits for your entertainment.

 
Agam Shah spoberly reports the facts, ma'am:

Apple on Tuesday said it was a victim of a malware attack...tied to a vulnerability in a Java plug-in. ... The malware reached Apple computers through a website for software developers.
...
Apple is releasing a tool that scans Macs and removes the Java malware.  MORE


 
So, it's China again, yes? Michael Riley's & Adam Satariano's sources say no:

The hackers used an iPhone-developer website, according to [two] people familiar with law enforcement efforts [who] didn’t want to be identified. ... The attack is part of the same series of invasions that also led to recently disclosed breaches at Facebook and Twitter. ... The hackers appear to be seeking company secrets...they can sell underground.
...
Employees at the companies were first infected when they visited...iphonedevsdk.com, which the hackers had infiltrated. ... Investigators suspect that the hackers are a criminal group based in...Eastern Europe. ...at least one server being used by the group [is] in the Ukraine. Other evidence...also suggest it is the work of cyber criminals rather than state-sponsored espionage from China.  MORE


 
iPhoneDevSDK.com, you say? Zack Whittaker warns us away:

It's absolutely vital that you do not visit this site. ...it may still contain active malware. ... Seriously. Do not visit this site.
...
Here's the troubling thing: You may not have accessed the allegedly infected website, but have your employees? ... Remove Java immediately. ... Check your logs, history, browsing records. ... Run a full, network-wide malware sweep. ... Virtualize and isolate risky software.  MORE


 
The site's suffering owner, Ian Sefferman, defends himself:

We were alerted [yesterday] through the press. ... Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement.
...
we have no reason to believe user data was compromised [but] we've reset all users' passwords. ... We're continuing to work with...targeted companies and law enforcement to find out who is behind this sophisticated attack.  MORE


 
Meanwhile, Nick Farrell mocks macheads, mercilessly:

Hackers have managed to do the impossible. ... Everyone in the Tame Apple Press knows that...viruses only exist on Windows...so this latest news has them scratching their heads.
...
It is not clear how this happened as employees at Apple are creative geniuses who bring about perfection. ...there is no malware for Mac machines. ... So it was clearly not Apple’s fault at all.  MORE


 
And Brian Krebs observes the irony, feeling vindicated:

So Apple is all of a sudden chatty about security? How does [it] rate against Flashback, which infected 650,000+ Macs last year?
...
Maybe all the haters who've been upset with me...for repeatedly urging end users to "ditch Java" will kindly get stuffed now.  MORE


 

Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.