User Alert: Supposedly 'Virus Immune' Macs Show Cyber Infections in U.K. and U.S.

One of the selling points for getting a Mac if you're not a graphic designer is that they are generally virus-free, since he system is often touted to be immune to virus infections. But a new report from a Russian anti-virus vendor is saying a botnet has found and is exploiting a vulnerability in the Mac OS X system.

Reports range from the attack affecting between 550,000 and 600,000 computers with the majority being in the United Kingdom and the United States. Dr. Web has more on the virus:

Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system. JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code.

[...]

According to some sources, links to more than four million compromised web-pages could be found on a Google SERP at the end of March. In addition, some posts on Apple user forums described cases of infection by BackDoor.Flashback.39 when visiting dlink.com.

Dr. Web reports that the attacks began in February and that Apple had closed the system's vulnerability on April 3. On Wednesday, the blog Naked Security reported Apple had released an updated version of Java for OS X 10.6 and 10.7.

The Daily Mail describes the misconception by Mac users that their computer is immune to infections could be because the incomparably high number reported on Windows. Chester Wisiniewski for Naked Security wrote that since the attack took six weeks for Apple to address, he wonders if the company takes security for granted as much as many of its users as well:

This does make you wonder whether Apple takes security as seriously as it should. Perhaps its public facing image of being invulnerable is the prevailing attitude within the company.

Why Apple did not deploy these fixes before Mac users were victimized by criminals is unclear. Fortunately, once it became a problem the company responded quickly.

Naked Security reports that to see if you have the most updated version of Java on your Mac "open Terminal and type 'java -version'." If you see "java version 1.6.0_31", you're all set. Naked Security also notes you could just remove Java all together. Wisniewski writes you can find how-to instructions to do this here.