Mac malware: myth or reality?

Many people are in denial about the severity of Mac security threats

When reading comments on articles about Mac security, you find many people who are in denial about malware that targets the Mac. Granted, there are far fewer viruses, worms and Trojan horses affecting Macs than Windows PCs, but the risk is real, and it’s getting worse. In fact, the complacency of Mac users, who have almost been led to believe that their platform is germ-free, may lead to more serious outbreaks should virulent malware target the Mac. Most Mac users don’t know how to react to a malware attack.

If we look at 2009, we can see that malware writers are increasingly targeting the Mac. In January, shortly after Apple announced a new version of its iWork suite of productivity software, malware writers took advantage of it. Mac users who downloaded the software via BitTorrent were also treated to the iServices Trojan horse, hidden inside the iWork installer. The iServices Trojan opened a back door on infected Macs, and it connected to remote servers to download new code. It was actively used as part of a botnet that was involved in distributed denial of service attacks and more.

Shortly thereafter, the same cyber criminals planted the next version of their malware with copies of Adobe Photoshop CS4 for Mac found on BitTorrent trackers. The Photoshop installer was clean, but the Trojan horse was found in a crack application used to serialise the software. Functioning in a similar manner to the first version, the iServices.B Trojan horse allowed remote users to perform actions on infected Macs.

The RSPlug Trojan horse, first discovered in October 2007, now exists in more than a dozen variants. There were six new variants in 2009, some masquerading as video codecs and others claiming to be games, MP3 files and more. Several other types of malware targeting the Mac were spotted during the year. Phishing attacks targeting Mac users were on the rise as well, with well-crafted emails, purportedly from Apple, being sent to entice subscribers to the company’s MobileMe online service to surrender their credit card numbers. Other phishing emails specifically target users of other Apple products, such as the iPhone and iPad.

Malware is not the only security threat to Macs. Operating system and third-party software vulnerabilities can be chinks in computers’ armour, allowing remote exploits to take advantage of unpatched weaknesses. Apple issued 34 security updates in 2009, to patch Mac OS X, its software and hardware. Popular third-party software also saw a number of updates.

One of the new ways hackers can target Macs is by taking advantage of these vulnerabilities and attacking computers from web pages and over a network. A number of exploits are available that can gain access to Macs easily, if a user simply visits a web page. A noted Mac security researcher won a Mac hacking contest by exploiting a bug in Apple’s Safari web browser; all he did was point the computer to a booby-trapped web page and he took control of it.

For this reason, it is no longer sufficient to protect Macs with a simple anti-virus program. The only way to ensure that Macs are safe is to use combined protection, where anti-virus software works in concert with a two-way firewall and with software that protects against web threats, phishing, spyware, Trojan horses and more.

Apple’s market share is on the rise, and malware writers are sensitive to the fact that Mac users are generally in a higher income range, and have less experience dealing with security issues. And with targeted attacks from poisoned web pages, cyber criminals can take control of Macs when users simply surf the web.

Laurent Marteau is a BCS contributor