Feeds

Windows malware dominates Mac malware detection chart

Sophos clean-up tool IDs carriers and rare Mac Trojans

3 Big data security analytics techniques

Malicious files that use the the scripting capability of Microsoft Media Player to infect Windows machines have emerged as the main threat detected on the machines of Apple users who have taken advantage of Sophos' recent offer of a freebie anti-malware scanner application.

The Windows-specific threat - identified by Sophos as ASDFDldr-A - typically comes in the form of maliciously constructed and padded media files that pose as music files from the likes of Lady Gaga and Madonna. It is only when these malicious files happen to be executed on Windows PCs that anything bad happens. Nonetheless it's better that these malicious media files are identified and removed than left lying around.

On Windows boxes, the malicious files use the scripting capability of Microsoft Media Player to redirect users to a booby-trapped website instead of playing the media content users were hoping to enjoy.

Java-based attacks also appear high in instances of malicious scripts detected by the Sophos security scanner, which was released earlier this month. These cross-platform scripts were typically found in the internet caches of Mac machines. "Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too," Sophos warns.

The security tool available here has also identified limited instances of Mac OS X-specific malware, Jahlav and DNS Changer. These well-known Mac Trojans are typically disguised as codecs supposedly needed to display video content. Routes to infection include maliciously constructed downloads on BitTorrent sites as well as supposed warez and prOn sites under the control of hackers.

The infamous Conficker worm also edges into the chart, appearing in 19th place. Conficker has no effect on Macs but it does spread via USB drives. Mac users probably got infected after their friends or colleagues with infected Windows machines shared an infected thumb drive with them. The malware has no effect on Mac machines except to make them a carrier of the malware, which can be spread onto previously uninfected Windows boxes when files are subsequently shared either via a USB drive or over the network.

Stats of the number of infections encountered or the percentage of Mac boxes discovered as harbouring malware are not available. The stats show that even the frequently encountered threat (ASDFDldr-A) crops up in just 4.62 per cent of infections reported to Sophos, a sharp contrast the monthly Windows malware charts in the past when one or two prevalent threats typically dominate.

Many of the nasties found on Mac boxes are actually incapable of causing harm on a MacBook or other Apple PCs. The only problem arises if malicious content (only capable of infecting Windows boxes) is shared.

In many ways the Sophos security scanner serves the same useful purpose as anti-virus scanners for Linux servers – by preventing the further spread of Windows-specific malware.

But even though instances of Mac malware remain rare, that's no reason for complacency.

"There is much less Mac malware than Windows malware, but that doesn't mean that Mac users should be blase about protecting their computers," said Carole Theriault, senior security consultant at Sophos.

The Mac malware prevalence stats come from the 150,000 active users of Sophos Anti-Virus for Mac Home Edition who have downloaded and updated the anti-malware software since its launch on 2 November. The security software is among the top 10 most downloaded products from Apple's download site and the most popular application from its networking and security section. ®

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.