As this holiday weekend draws to a close, the unfortunate fact is that we may be dealing with the largest Mac-centric botnet ever documented in the wild. While the Flashback trojan is easy to find and simple to prevent — in fact, a stock Lion installation includes neither Java nor the Flash plugin, cutting down dramatically on the attack surface for malware of this kind — there are still thousands of compromised Macs out there.
Given the requirements of a Java installation to enable the trojan’s exploit, it looks like a nontrivial number of infections have hit experienced Mac users. We recommend immediately updating your Java install with Apple’s patch. You can test for the Flashback trojan using the standalone Terminal method or a simple utility — and you can also install some free virus protection if you’re so inclined.
That’s our topic for tonight’s Talkcast, same as it was two weeks ago: Mac (and iOS) security. We welcome your calls, questions and comments at 10 pm ET, 7 pm PT tonight live on Talkshoe.
To participate in the call, you can use the browser-only Talkshoe client, the embedded Facebook app, or download the classic TalkShoe Pro Java client; however, for +5 Interactivity, you should call in. For the web UI, just click the Talkshoe Web button on our profile page at 4 HI/7 PDT/10 pm EDT Sunday. To call in on regular phone or VoIP lines (Viva free weekend minutes!): dial (724) 444-7444 and enter our talkcast ID, 45077 — during the call, you can request to talk by keying in *8.
If you’ve got a headset or microphone handy on your Mac, you can connect via the free X-Lite or other SIP clients — basic instructions are here. Skype users with dial-out credit can call in via the service, or use those free iPhone minutes. Talk to you tonight!