Risk
11/23/2010
12:13 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Sophos Sees Macs OS Infected With Windows Sludge

Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.

Anti-virus firm Sophos shows that while Macs may be under increasing malware threats, most of the sludge its anti-virus software found targeted Windows systems - Apple users aren't out of the woods.Sophos has been giving away free anti-virus software for Mac users for a number of weeks now. The company claims to have more than 150,000 active users, and has sampled nearly 50,000 infection reports, from November 2 through November 16th.

Many of the malicious programs found in that analysis, not surprisingly, are Windows-specific attacks that Mac users are getting inadvertently. Perhaps by visiting infected Web sites and having the malware dropped into their browser caches, opening e-mail attachments, or by sharing and copying files by USB drives and other means.

Some of the malware are cross platform attacks, based on Java, while a few are Mac specific. From Sophos' blog late last week:

You'll also notice a lot of Java-based attacks in the list, these are obviously cross-platform and may have been found in internet caches by users who were hit by a drive-by attack. Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too.

You'll also see some Mac OS X-specific malware in there (OSX/Jahlav and DNS Changer). These are well known Mac Trojans that are typically disguised by hackers on BitTorrent sites, or planted on websites as alluring downloads or plugins to view videos.

Does this mean Mac users should rush out and install anti-virus software on their systems? Probably not. That is unless they are undertaking known risky activities such as visiting BitTorrents and downloading or viewing questionable software.

That means anti-virus software today is still a choice Mac users have to make, balancing risk and convenience. However, as Mac-based viruses grow in complexity, numbers, and efficiency - it's a luxury that may be lost soon.

The only caveat I'd have to that is that if your Mac is on a local network, your local users could be placing you at increased risk. So keep that in mind.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web