Feeds

Windows malware dominates Mac malware detection chart

Sophos clean-up tool IDs carriers and rare Mac Trojans

High performance access to file storage

Malicious files that use the the scripting capability of Microsoft Media Player to infect Windows machines have emerged as the main threat detected on the machines of Apple users who have taken advantage of Sophos' recent offer of a freebie anti-malware scanner application.

The Windows-specific threat - identified by Sophos as ASDFDldr-A - typically comes in the form of maliciously constructed and padded media files that pose as music files from the likes of Lady Gaga and Madonna. It is only when these malicious files happen to be executed on Windows PCs that anything bad happens. Nonetheless it's better that these malicious media files are identified and removed than left lying around.

On Windows boxes, the malicious files use the scripting capability of Microsoft Media Player to redirect users to a booby-trapped website instead of playing the media content users were hoping to enjoy.

Java-based attacks also appear high in instances of malicious scripts detected by the Sophos security scanner, which was released earlier this month. These cross-platform scripts were typically found in the internet caches of Mac machines. "Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too," Sophos warns.

The security tool available here has also identified limited instances of Mac OS X-specific malware, Jahlav and DNS Changer. These well-known Mac Trojans are typically disguised as codecs supposedly needed to display video content. Routes to infection include maliciously constructed downloads on BitTorrent sites as well as supposed warez and prOn sites under the control of hackers.

The infamous Conficker worm also edges into the chart, appearing in 19th place. Conficker has no effect on Macs but it does spread via USB drives. Mac users probably got infected after their friends or colleagues with infected Windows machines shared an infected thumb drive with them. The malware has no effect on Mac machines except to make them a carrier of the malware, which can be spread onto previously uninfected Windows boxes when files are subsequently shared either via a USB drive or over the network.

Stats of the number of infections encountered or the percentage of Mac boxes discovered as harbouring malware are not available. The stats show that even the frequently encountered threat (ASDFDldr-A) crops up in just 4.62 per cent of infections reported to Sophos, a sharp contrast the monthly Windows malware charts in the past when one or two prevalent threats typically dominate.

Many of the nasties found on Mac boxes are actually incapable of causing harm on a MacBook or other Apple PCs. The only problem arises if malicious content (only capable of infecting Windows boxes) is shared.

In many ways the Sophos security scanner serves the same useful purpose as anti-virus scanners for Linux servers – by preventing the further spread of Windows-specific malware.

But even though instances of Mac malware remain rare, that's no reason for complacency.

"There is much less Mac malware than Windows malware, but that doesn't mean that Mac users should be blase about protecting their computers," said Carole Theriault, senior security consultant at Sophos.

The Mac malware prevalence stats come from the 150,000 active users of Sophos Anti-Virus for Mac Home Edition who have downloaded and updated the anti-malware software since its launch on 2 November. The security software is among the top 10 most downloaded products from Apple's download site and the most popular application from its networking and security section. ®

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.