When Apple shipped Mac OS X Lion 10.7, the “Library” folder located within every user’s home folder, which had previously been visible to users in the Finder, was made invisible. To access the Library folder, users must now hold down the option key while selecting the “Go” menu in the Finder.<p>

This is probably a good move for the vast majority of Mac users, but for folks with even a small amount of interest in tinkering with the configuration files and caches of various applications, it’s an outright nuisance.

A quick trip to the Terminal can fix it, or he has an app for that.

In June 2009, Microsoft issued security update MS09-027, which fixed a remote code execution vulnerability in the Mac version of Microsoft Office. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet – which is how nearly three years later, malware has emerged that exploits the issue on machines running Office on Mac OS X. Fortunately, our data indicates that this malware is not widespread, but during our investigation we found a few interesting facts we’d like to share with you.

It's pretty sophisticated.

Dr. Web, the Russian security firm that firm discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple’s tool for disinfecting their machines or installing antivirus.</p><p>

“It’s going very slowly, and there’s still a ways to go, but I think in a month it will be over,” says Boris Sharov, Dr. Web’s chief executive.

They were reckoned to be making about $10,000 per week at the peak. Wonder if that's better than they could do off a Windows botnet. And of course: what's next?

Doctor Web's virus analysts continue to monitor the largest to date Mac botnet discovered by Doctor Web on April 4, 2012. The botnet statistics acquired by Doctor Web contradicts recently published reports indicating a decrease in the number of Macs infected by BackDoor.Flashback.39 The number is still around 650,000.

Hard to know how to verify who's right. Dr Web first spotted the Java variant of the Flashback malware.

Intego has discovered a new variant of the Flashback malware, Flashback.S, which continues to use a Java vulnerability that Apple has patched. No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:</p><p>

~/Library/LaunchAgents/com.java.update.plist<br />
~/.jupdate<br />
It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.

The no-password thing is just more drive-by fun. Unclear: prevalence. (Thanks @rquick for the link.)

How all those Macs got infected:

The partner program was based on script redirects from huge numbers of legitimate websites all over the world. Around the end of February/early March 2012, tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using vulnerable versions of WordPress or they had installed the ToolsPack plugin. Websense put the number of affected sites at 30,000 , while other companies say the figure could be as high as 100,000. Approximately 85% of the compromised blogs are located in the US.</p><p>

Code was injected into the main pages when the blogs were hacked. As a result, when any of the compromised sites were visited, a partner program TDS was contacted. Depending on the operating system and browser version, the browser then performed a hidden redirect to sites in the rr.nu domain zone that had the appropriate set of exploits installed on them to carry out an infection.

Oh joy: A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability - it appears to be exploiting malformed Word documents instead.

Disabled Java.. Flash.. Word.. web..

Intego:

We recently <a href="http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery-method-to-infect-macs/">reported about a new variant of the Flashback Trojan horse</a> which is using novel techniques to infect Macs. Since then, we have discovered a number of samples of this latest variant, Flashback.G, and have seen evidence that many Mac users have been infected by this malware.

What's not explained is what "many" is (even compared to Intego's client base) or what this novel infection method is. Flashback is a password-stealing program. Presently easy to detect:
• open Terminal.app
• type cd /Users/Shared
• type ls -l
• look for any file ending ".so". If you're infected, you've then got a problem. (Thanks @rquick for the link.)

Why the new Gatekeeper feature on the new version of the Mac operating system matters to all users.

This may explain how Apple's share of the computer market keeps growing:

Have you noticed an increased presence of Apple products in public spaces and workspaces in the last few years? Turns out that 21% of information workers are using one or more Apple products for work. Almost half of enterprises (1000 employees or more) are issuing Macs to at least some employees – and they plan a 52% increase in the number of Macs they issue in 2012.

"If the average selling price of a Mac runs about $710 more than a PC (ASP of a Mac - ASP of an HP machine), and about $320 of that is profit, then the remaining $390 must be those higher costs. Apple’s computing hardware, and the software development behind OS X, actually cost more to manufacture. Given the volume their manufacturing partners are turning out and the squeeze to contain costs put on them by Apple, one has to wonder why.<br />
"The answer is fairly obvious to anyone coming to Macs after years of using commodity PC equipment: better design and build quality costs more."<br />
<br />
In no way going to start an argument in the comments, this one.

"If you're reading this column, you are likely sophisticated enough to not fall for such nonsense, starting with clicking in the link on the Web page. You might have already turned off the Safari Open Safe Files option, or use a browser like Firefox or Chrome that requires additional steps to install this malware.<br />
"But how many of your friends, relatives, and colleagues are going to be this credulous? And Mac Defender is just the first effort to make any impact. Don't be fooled by the fact that in this release you have to enter a credit-card number to be scammed. Future Mac malware will be just like that under Windows, with the potential to install all manner of viruses, like keystroke loggers, spam email programs, and the like."<br />
<br />
Very good, well-argued piece with an unavoidable conclusion.

Apple is putting its support staff in an invidious position where they "can't confirm or deny" whether any such software (as the Mac Defender scareware) has been installed. And they don't get support to remove it.<br />
<br />
Then again, it's listed as an "investigation in progress", so let's hope the support team's scripts improve radically, and soon.

Clever - didn't know of them. What are the equivalent Windows app switcher ones?

Qualities observed in people from the Hunch network. This is one that definitely wouldn't attract any comments, right?