Click here to receive your FREE subscription to Campus Technology

Home > Macs Vulnerable to Malware? Say It Ain't So!

News

Macs Vulnerable to Malware? Say It Ain't So!

1/24/2008

By David Nagel

IT security firm Sophos this week let the cat out of the bag, spilled the beans, and otherwise debunked the widely treasured myth that Macs are invulnerable to malware in its "Security Threat Report 2008," released Tuesday. The report said that, among other things, "in 2007 [organized] criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money." Proof, the firm said, that "hackers are extending their efforts beyond Windows."

Of course, the Mac platform has never been invulnerable to malware of any sort, though since the advent of Mac OS X such malicious code had generally been confined to labs in which researchers played out "what if" scenarios that never came to fruition. Serious crimeware developers simply hadn't bothered with the Mac until late, perhaps for the same reason game developers left the platform alone for so long: The audience was too limited to be worth the effort.

Not that malware is particularly rampant on the Mac at this point. There were some iterations of the OSX/RSPlug Trojan horse that made the phishing/ID theft rounds in November. However, "Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, [but] their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," according to Graham Cluley, senior technology consultant at Sophos, commenting on the report in a statement released this week.

And, of course, Mac users are as vulnerable as their peecee-using counterparts to Web and e-mail scams. "The Mac malware problem is currently tiny compared to the Windows one," Cluley said, "so if enough Apple Mac users resist clicking on unsolicited [Web links] or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."

The Bigger (Non-Mac) Threats
Still, in the larger world of data security threats, including malware, the Mac is still barely a blip on the radar, and it should be noted that the OSX/RSPlug Trojan did not make the top-10 list of the most dominant malware threats of the year in the Sophos study. This honor went to the following, according to the report:

  1. Mal/Iframe: 53.3%
  2. Mal/ObfJS: 9.8%
  3. Troj/Decdec: 6.6%
  4. Troj/Psyme: 6.2%
  5. Troj/Fujif: 5.8%
  6. JS/EnclFra: 3.9%
  7. Troj/Ifradv: 2.4%
  8. Mal/Packer: 1.2%
  9. Troj/Unif: 1.0%
  10. VBS/Redlof: 0.8%

Other forms of Web-borne malware made up the remaining 9 percent.

The Sophos report, like other recent reports, also cited converged consumer electronic devices, such as Apple's iPhone and other smart phones and handheld devices, as technologies to watch for their vulnerabilities and potential for "opening up new vectors of attack for hackers." The report also said low-cost ultramobile PCs are likely to attract the attention of malicious developers over the coming year.



Recommended Reading
  • California Community Colleges Partner with Waterfall Mobile on Statewide Emergency Notification Coverage

    The Foundation for California Community Colleges (FCCC) has awarded a statewide emergency alert notification contract to Waterfall Mobile. The contract establishes Waterfall's AlertU as an approved technology through the official non-profit foundation for the California Community College (CCC) system office. Through this partnership, individual colleges may directly implement emergency communication services, eliminating lengthy technology evaluation and RFP processes.

  • King's College and ASU Add e2Campus for Improved Emergency Notifications

    King's College and Arizona State University have switched to Omnilert's e2Campus for emergency notification. Omnilert also has introduced a new program called the ENS Conversion Service that allows schools to bulk upload data from their previous emergency notification system into e2Campus at no charge.

  • Saint Joseph Builds Out Wireless Network in Multi-year Upgrade

    Saint Joseph's University has begun deploying a Meru Networks wireless local area network across its Philadelphia campus as part of a multi-year effort to bring wireless coverage to every building on campus.

  • Vista Ramp Up Is Happening Now, Study Says

    Organizations may have been slow to adopt Microsoft Windows Vista, but expect that to change by late 2008 to 2009, according to a Forrester Research report by Benjamin Gray et al., published last week.

  • Talisma Launches New Version of CRM with Built-in Application Management

    Talisma Corp. announced version 8.0 of its constituent relationship management (CRM) application for higher education. The new release includes application management, a revamped user interface, two-way text messaging, personalized Web portals, and an ADA-compliant Web client, among other enhancements.

  • Bringing Composers into Classrooms Through Skype

    Two Pennsylvania teaching colleagues with an interest in music and technology are bringing remote experts into classrooms at almost no cost, using Skype's free videoconferencing technology.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format