Macs Vulnerable to Malware? Say It Ain't So!

IT security firm Sophos this week let the cat out of the bag, spilled the beans and otherwise debunked the widely treasured myth that Macs are invulnerable to malware in its "Security Threat Report 2008," released Tuesday. The report said that, among other things, "in 2007 [organized] criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money." Proof, the firm said, that "hackers are extending their efforts beyond Windows."

Of course, the Mac platform has never been invulnerable to malware of any sort, although since the advent of Mac OS X such malicious code had generally been confined to labs in which researchers played out "what if" scenarios that never came to fruition. Serious crimeware developers simply hadn't bothered with the Mac until lately, perhaps for the same reason game developers left the platform alone for so long: The audience was too limited to be worth the effort.

Not that malware is particularly rampant on the Mac at this point. There were some iterations of the OSX/RSPlug Trojan horse that made the phishing/ID theft rounds in November. However, consumer popularity is a key factor, according to Graham Cluley, senior technology consultant at Sophos.

"Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, [but] their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," Cluley stated this week, commenting on the report.

And, of course, Mac users are as vulnerable as their PC-using counterparts to Web and e-mail scams.

"The Mac malware problem is currently tiny compared to the Windows one," Cluley said, "so if enough Apple Mac users resist clicking on unsolicited [Web links] or downloading unknown code from the Web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."

The Bigger (Non-Mac) Threats
Still, in the larger world of data security threats, including malware, the Mac is barely a blip on the radar, and it should be noted that the OSX/RSPlug Trojan did not make the top-10 list of the most dominant malware threats of the year in the Sophos study. This honor went to the following malware, according to the report:

  1. Mal/Iframe: 53.3%
  2. Mal/ObfJS: 9.8%
  3. Troj/Decdec: 6.6%
  4. Troj/Psyme: 6.2%
  5. Troj/Fujif: 5.8%
  6. JS/EnclFra: 3.9%
  7. Troj/Ifradv: 2.4%
  8. Mal/Packer: 1.2%
  9. Troj/Unif: 1.0%
  10. VBS/Redlof: 0.8%

Other forms of Web-borne malware made up the remaining 9 percent.

The Sophos report, like other recent reports, also cited converged consumer electronic devices, such as Apple's iPhone and other smart phones and handheld devices, as technologies to watch for their vulnerabilities and potential for "opening up new vectors of attack for hackers." The report also said low-cost ultramobile PCs are likely to attract the attention of malicious developers over the coming year.

The Much Bigger (National) Threats
Finally, the report also found that malicious activities on national levels are likely to increase in the coming year, saying that it became much more common in 2007 for nations to accuse one another of "cybercrime." Actual accusations of these attacks in 2007 ranged from government-sponsored corporate espionage to distributed denial of service attacks.

"2008 is likely to bring more accusations, but so far there has been no actual evidence of state sponsored cyberspying," said Cluley. "While spying has been happening for centuries, it is important to remember that hackers are experts at covering their tracks, making it difficult to determine the exact source of an attack. There is no doubt, however, of the importance of securing critical computers inside government [organizations] from hackers, no matter whether they are motivated by politics, espionage or simply money."

Whether government-sponsored or merely individually inspired, the origins of Web-borne threats can be linked to specific countries, and the distribution figures have changed fairly dramatically over the last year. Whereas in 2006, according to the report, the United States was the launch point for the bulk of Web-based malware, China took over the No. 1 slot in 2007, responsible for 51.3 percent of such code. The United States came in second at 23.4 percent. Other countries lagging far behind the two leaders included Russia (9.6 percent), Ukraine (3 percent), Germany (2.3 percent), and Poland (0.9 percent). The U.K., France, Canada and the Netherlands each accounted for 0.7 percent.

The complete report and other details are available via the links below.

About the Author

Dave Nagel is the executive editor for 1105 Media's educational technology online publications and electronic newsletters.