Have you read about the 600,000 strong MacOS-X botnet? Were you aware that a simple Java exploit was the cause? Further – were you aware that at LEAST since September of 2011 – that Apple knew of the flashback threat – and yet the Java distribution for Macos-X which is controlled as a software update within the mac’s own “software update” system has remained UNPATCHED until this week (Wednesday to be precise). That lack of update has resulted in at least the 600,000 strong botnet being built – we may not know how large that infection has actually become. What is known – is that Apple users have been laboring under the incorrect assumption that they have been “safe”. Many of us in the IT security industry have know that this is simply not true for a long time… but persuading mac users they aren’t as safe as Apple lead them to believe has been an uphill battle that simple hasn’t been worth the effort … you can lead a horse to water… but you can’t make it drink! Dr. Web has claimed a lot of headlines for screaming from the rooftops this last week about this botnet – the number of infections is not large when you compare it to similar botnets in the PC world – but given the relatively smaller number of Macs in use – it is significant none-the-less. Blog Article on FlashBack – 600,000 infected Macintoshes Something we am sure you are not aware of – ESET has been adding flashback threats to their threatsense network for their ESET CyberSecurity for MacOS-X since September of 2011 – the number of variants has fairly exploded in 2012 – you can view Flashback additions to threatsense here: ThreatSense updates including FlashBack or Look for ESET CyberSecurity updates for MacOS-X here: MacOS-X ThreatSense Updates Let us be clear… Macintoshes are well and truly on the radar of malware authors – and this particular threat has been known to apple since AT LEAST September – they patched the Java installation only THIS WEEK having had almost 7 months to do so – this is hardly indicative that Apple is taking malware for their operating system seriously. It is our opinion that Apple took so long is a sign of horrendous arrogance on these things… you and your customers should not go unprotected in the post flashback environment – more apple threats are not “if?” – they are “when?”