The Apple malware problem is tiny compared to the situation for Windows users. However, since the emergence of the first financially motivated malware for Mac OS X in late 2007, there have been more attempts by hackers to infect Mac computers.
In February 2008, a new Flash-based Trojan, Troj/Gida-B [36], was designed to scare users into purchasing bogus security software. This scareware attack used poisoned web adverts that worked equally well on Mac and Windows computers.
The OSX/Hovdy-A Trojan [37], discovered in June 2008, is also capable of infecting Mac OS X computers and attempts to steal passwords, open firewalls and disable security settings. It takes advantage of the ARDAgent vulnerability in Mac OS X to gain root access. Once a computer has been infected, the hacker can gain complete control and cover their tracks by disabling system logging.
In August 2008, Troj/RKOSX-A [38], a Mac OS X tool to help hackers create backdoor Trojans, was discovered. Three months later, Sophos announced the discovery of a new piece of Mac malware being planted on websites: OSX/Jahlav-A [39]. This Trojan poses as a legitimate application, but after installation downloads additional components from a server in the Netherlands.
Although there is less Mac malware around, there are several reasons why Mac users should be wary.
- A high level of complacency in the Mac community means many users incorrectly believe they are immune from internet security threats. This makes them a soft target for future attacks.
- The use of Intel-based chips in Apple Mac hardware has made running Windows on Macs more common. This makes Macs more likely than before to be harboring and spreading Windows malware.
- 2008 saw record sales of Apple Mac computers [40], with home users undoubtedly switching from PCs due to disgruntlement with Windows Vista. As the market share for Apple Macs increases, Mac users are likely to see more attacks launched against them.
foreseeable future.
However, malware aimed at Macs will continue to be written, and users should continue to follow safe computing best practices such as running an anti-virus product and keeping up-to-date with security patches.
Sophos.com
