Mac OS Seeing More Malware

Malware on the Macintosh platform is nothing new, although it
remains a far less common occurrence than attacks on Windows — a fact that Apple and its
fans have long been quick to point out.

Although Macs continue to face far fewer security problems than Windows, the trend line is going in the wrong direction.

But the danger of Mac malware continues growing with new attacks now surfacing.
Researchers at security vendor Sophos warned about two new threats this week: the e-mail
worm OSX/Tored-Fam
and OSX/Jahlav-C,
an attack that forces malicious code on visitors to a faked adult Web site.

“Although there is only a tiny amount of Mac malware compared to Windows viruses,
that’s going to be little consolation if your gorgeous new MacBook gets infected,” Sophos
security blogger Graham Cluley said in a blog
post. “And sadly we know that many Mac users still believe they are somehow magically
immune from attacks.

“As we’ve demonstrated before, and as we’ll no doubt explain again, the Mac malware
threat is real,” he added. “Hackers are deliberately planting malicious code on websites,
and using social engineering tricks to fool you into installing it onto your
computer.”

According to David Perry, global director of education at Trend Micro, the threats are each more than several weeks old. Still, Apple Mac users need to be aware that such risks exist.

Vendors are also increasingly pushing products to help defend against the threat.
Trend Micro released its Smart Surfing product for Mac OS X in late April, although there are only a few threats to Macs, Perry told InternetNews.com.

“We’re fighting five or six things on the Macintosh versus about 30 million on the PC. We get one thing every two seconds for the PC, about 50,000 each day,” he said, although he added that the threat had proven sizeable enough that Trend Micro developed new
protections for the platform.

“Automated crime is a horrible thing,” he added. “We found it necessary to produce a
scanner for the Mac.”

Part of the danger, Perry warned, is Mac users will not know they’re infected.

“There’s the intent to plant a
botnet on your system,” he said. “Don’t expect to every see anything that leaves a
visual symptom.”

“You will not get a system slowdown and it won’t delete files,” he added. “They just
want your credit card number.”

Perry said the botnet economy makes it possible to attack the Mac OS, but more
profitable to attack Microsoft Windows.

“If I’m the Russian mafia and it costs me $150,000 to make an attack, should I attack
the 97 percent of the market that is Windows or the 3 percent that is shared between
Linux and Macintosh?”

Perry added that phishing attacks, which simply require a user to enter valuable
personal information into a Web browser, are possible against any platform.

He also noted that the applications that run on a Macintosh can be susceptible to
hackers. “A vulnerability means that there is a door left open in a program that permits
people to attack it. There are gazillions of vulnerabilities on a Mac.”

Article courtesy of eSecurity Planet

Follow ServerWatch on Twitter