Macs Vulnerable to Malware? Say It Ain't So! -- Redmondmag.com

Macs Vulnerable to Malware? Say It Ain't So!

By David Nagel
01/24/2008

IT security firm Sophos this week let the cat out of the bag, spilled the beans, and otherwise debunked the widely treasured myth that Macs are invulnerable to malware in its Sophos Security Threat Report 2008 (registration required); released Tuesday. The report said that, among other things, "in 2007 [organized] criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money." Proof, the firm said, that "hackers are extending their efforts beyond Windows."

Of course, the Mac platform has never been invulnerable to malware of any sort, though since the advent of Mac OS X such malicious code had generally been confined to labs in which researchers played out "what if" scenarios that never came to fruition. Serious crimeware developers simply hadn't bothered with the Mac until late, perhaps for the same reason game developers left the platform alone for so long: The audience was too limited to be worth the effort.

Not that malware is particularly rampant on the Mac at this point. There were some iterations of the OSX/RSPlug Trojan horse that made the phishing/ID theft rounds in November. However, "Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, [but] their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," according to Graham Cluley, senior technology consultant at Sophos, commenting on the report in a statement released this week.

And, of course, Mac users are as vulnerable as their PC-using counterparts to Web and e-mail scams. "The Mac malware problem is currently tiny compared to the Windows one," Cluley said, "so if enough Apple Mac users resist clicking on unsolicited [Web links] or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."

The Bigger (Non-Mac) Threats
Still, in the larger world of data security threats, including malware, the Mac is still barely a blip on the radar, and it should be noted that the OSX/RSPlug Trojan did not make the top-10 list of the most dominant malware threats of the year in the Sophos study. This honor went to the following, according to the report:

Mal/Iframe: 53.3%
Mal/ObfJS: 9.8%
Troj/Decdec: 6.6%
Troj/Psyme: 6.2%
Troj/Fujif: 5.8%
JS/EnclFra: 3.9%
Troj/Ifradv: 2.4%
Mal/Packer: 1.2%
Troj/Unif: 1.0%
VBS/Redlof: 0.8%

Other forms of Web-borne malware made up the remaining 9 percent.

The Sophos report, like other recent reports, also cited converged consumer electronic devices, such as Apple's iPhone and other smart phones and handheld devices, as technologies to watch for their vulnerabilities and potential for "opening up new vectors of attack for hackers." The report also said low-cost ultramobile PCs are likely to attract the attention of malicious developers over the coming year.

The Much Bigger (National) Threats
Finally, the report also found that malicious activities on national levels are likely to increase in the coming year, saying that it became much more common in 2007 for nations to accuse one another of "cybercrime." Actual accusations of these attacks in 2007 ranged from government-sponsored corporate espionage to distributed denial of service attacks.

"2008 is likely to bring more accusations, but so far there has been no actual evidence of state sponsored cyberspying," said Cluley. "While spying has been happening for centuries, it is important to remember that hackers are experts at covering their tracks, making it difficult to determine the exact source of an attack. There is no doubt, however, of the importance of securing critical computers inside government [organizations] from hackers, no matter whether they are motivated by politics, espionage or simply money."

Whether government-sponsored or merely individually inspired, the origins of Web-borne threats can be linked to specific countries, and the distribution figures have changed fairly dramatically over the last year. Where in 2006, according to the report, the United States was the launch point for the bulk of Web-based malware, China took over the No. 1 slot in 2007, responsible for 51.3 percent of such code. The United States came in second at 23.4 percent. Other countries lagging far behind the two leaders included Russia (9.6 percent), Ukraine (3 percent), Germany (2.3 percent), and Poland (0.9 percent). The U.K., France, Canada, and the Netherlands each accounted for 0.7 percent.

About the Author

Dave Nagel is the executive editor for 1105 Media's educational technology online publications and electronic newsletters.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.