Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/24/2012
10:18 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

One In Five Macs Harbors Malware, Sophos Research Reveals

Both Windows and Mac threats were discovered

BOSTON, MA, Apr 24, 2012 (MARKETWIRE via COMTEX) -- New research released by Sophos has revealed a disturbingly high level of malware on Mac computers -- with both Windows and Mac threats being discovered.

Sophos experts analyzed a snapshot of 100,000 Mac computers running its free anti-virus software, and discovered that one in five machines was found to be carrying one or more instances of Windows malware.

Although Windows malware on Macs will not cause symptoms (unless users also run Windows on their computer), it can still be spread to other computers.

Additionally, Sophos's analysis shows that 2.7 percent (one in thirty six) of Macs were found to be carrying Mac OS X malware.

"Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered," said Graham Cluley, senior technology consultant at Sophos. "Mac users need a wake-up call about the growing malware problem."

The recent Flashback botnet, which inflicted more than 600,000 users, and fake anti-virus attacks, which scare users into handing over their credit card details, dominate the chart of Mac-based threats.

Top Mac OS X malware found on Mac computers (7-day snapshot of 100,000 Macs): 1. OSX/Flshplyr 75.1% 2. OSX/FakeAV 17.8% 3. OSX/RSPlug 5.5% 4. OSX/Jahlav 1.2% 5. Other 0.4%

"Mac malware can spread via USB stick, email attachments, website download, or even a silent drive-by installation where the user doesn't realize their Mac's security has been subverted," continued Cluley. "Cybercriminals view Macs as a soft target, because their owners don't typically run anti-virus software and are thought to have a higher level of disposable income than the typical Windows user. Mac users must protect their computers now or risk making the malware problem on Macs as big as the problem on PCs."

One in five Macs users who downloaded and scanned their system found Windows malware on Mac computers:

Top Windows malware found on Mac computers (7-day snapshot of 100,000 Macs): 1. Mal/Bredo 12.2% 2. Mal/Phish 7.4% 3. Mal/FakeAV 3.8% 4. Troj/ObfJS 3.6% 5. Mal/ASFDldr 3.3% 6. Troj/Invo 3.0% 7. Troj/Wimad 2.6% 8. Mal/Iframe 1.5% 9. Mal/JavaGen 1.4% 10. Other 61.2%

Some of the malware discovered by Sophos on the 100,000 Mac computers sampled dates back to 2007, and would have been easily detected if the users had run an anti-virus product sooner. Bredo, a family of malicious programs sent out via spam, accounts for 12.2 percent of malware detected on Mac computers. The first Bredo variant was detected in 2009, and since then, countless variants have been released. Only last week, it was used in a malicious email campaign that purported to have attached a compromising picture of the recipient.

"The simple fact is that you can scan your Mac for infection from your armchair. The test is painless and free; you just download an anti-virus product and allow it to check your computer and protect it against infections in the future," explained Cluley.

Home users can join the millions of others who protect their computers by downloading a free version of Sophos Anti-Virus for Mac from: http://www.sophos.com/freemacav .

Further information about these malware findings on Macs can be found on Sophos's Naked Security site at: http://nakedsecurity.sophos.com .

About Sophos More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs -- a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com .

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...