In a small window into the chaos wrought by the Mac Flashback Trojan, the University of Oxford Computing Services team has described it as the worst malware outbreak it has had to contend with since the Windows Blaster worm of 2003.
According to an OxCERT blog from last week, the University suffered several hundred incidents among the students and faculty in recent weeks “and they keep on coming,” an infection level that could challenge the 1,000 incidents caused by Blaster nine years ago.
Hitherto, the department had dealt with Mac malware only occasionally, usually caused by users trying out pirated software or compromised SSH credentials, said OxCERT’s Robin Stevens.
“But with Flashback, the game has changed forever. We are seeing huge numbers of attacks of the sort that Windows users have had to contend with for years,” said Stevens. “Apple users, and indeed Apple themselves, just have not been ready.”
The Java-based Flashback Trojan has already earned its place in security history as the first major Apple-oriented malware outbreak which Symantec reckons could have earned its authors as much as $10,000 (£6,200) per day.
A serious Apple malware outbreak has been predicted for some years with Java vulnerabilities (Java being cross-platform) always being the likely vehicle for the first major example.
Universities, meanwhile, are an obvious hotspot for computer use - every single student will own at least one - but amidst the famous 'dreaming spires' of Oxford the Mac has acquired a particularly strong following. Flashback was always going to spell trouble for the institution's IT services staff.
“Sadly far too many users still appear to be under the misapprehension that “Macs don’t get viruses” in spite of decades of evidence to the contrary,” Stevens continued.
“As well as Apple’s apparently slow response to a recent vulnerability, and general air of secrecy, one of the problems that the attacks have highlighted is Apple’s product support lifecycles, which are much shorter than in the Windows world,” he said.
Security companies disagree on the precise number of Apple users hit by Flashback but a maximum number over 800,000 looks possible on the basis of analysis by the Russian company that first sounded the alarm over infections levels, Dr. Web.