Feeds

Windows malware dominates Mac malware detection chart

Sophos clean-up tool IDs carriers and rare Mac Trojans

The Power of One eBook: Top reasons to choose HP BladeSystem

Malicious files that use the the scripting capability of Microsoft Media Player to infect Windows machines have emerged as the main threat detected on the machines of Apple users who have taken advantage of Sophos' recent offer of a freebie anti-malware scanner application.

The Windows-specific threat - identified by Sophos as ASDFDldr-A - typically comes in the form of maliciously constructed and padded media files that pose as music files from the likes of Lady Gaga and Madonna. It is only when these malicious files happen to be executed on Windows PCs that anything bad happens. Nonetheless it's better that these malicious media files are identified and removed than left lying around.

On Windows boxes, the malicious files use the scripting capability of Microsoft Media Player to redirect users to a booby-trapped website instead of playing the media content users were hoping to enjoy.

Java-based attacks also appear high in instances of malicious scripts detected by the Sophos security scanner, which was released earlier this month. These cross-platform scripts were typically found in the internet caches of Mac machines. "Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too," Sophos warns.

The security tool available here has also identified limited instances of Mac OS X-specific malware, Jahlav and DNS Changer. These well-known Mac Trojans are typically disguised as codecs supposedly needed to display video content. Routes to infection include maliciously constructed downloads on BitTorrent sites as well as supposed warez and prOn sites under the control of hackers.

The infamous Conficker worm also edges into the chart, appearing in 19th place. Conficker has no effect on Macs but it does spread via USB drives. Mac users probably got infected after their friends or colleagues with infected Windows machines shared an infected thumb drive with them. The malware has no effect on Mac machines except to make them a carrier of the malware, which can be spread onto previously uninfected Windows boxes when files are subsequently shared either via a USB drive or over the network.

Stats of the number of infections encountered or the percentage of Mac boxes discovered as harbouring malware are not available. The stats show that even the frequently encountered threat (ASDFDldr-A) crops up in just 4.62 per cent of infections reported to Sophos, a sharp contrast the monthly Windows malware charts in the past when one or two prevalent threats typically dominate.

Many of the nasties found on Mac boxes are actually incapable of causing harm on a MacBook or other Apple PCs. The only problem arises if malicious content (only capable of infecting Windows boxes) is shared.

In many ways the Sophos security scanner serves the same useful purpose as anti-virus scanners for Linux servers – by preventing the further spread of Windows-specific malware.

But even though instances of Mac malware remain rare, that's no reason for complacency.

"There is much less Mac malware than Windows malware, but that doesn't mean that Mac users should be blase about protecting their computers," said Carole Theriault, senior security consultant at Sophos.

The Mac malware prevalence stats come from the 150,000 active users of Sophos Anti-Virus for Mac Home Edition who have downloaded and updated the anti-malware software since its launch on 2 November. The security software is among the top 10 most downloaded products from Apple's download site and the most popular application from its networking and security section. ®

Boost IT visibility and business value

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.