By Jack M. Germain MacNewsWorld Part of the ECT News Network
02/05/08 4:00 AM PT
Mac users beware -- the bad guys have you in their malware crosshairs.
Organized criminal gangs arrived at Apple's (Nasdaq: AAPL) doorstep for the first time in 2007 with malware tools in hand to intentionally steal money, according to a recent report from IT security and control firm Sophos. With proof that hackers are extending their efforts beyond Windows, Sophos has warned computer users of all operating systems not to be complacent about security.
Sophos' Security Threat Report 2008 examines the threat landscape during the previous 12 months and predicts emerging cybercrime trends for 2008. This report disclosed the heightened efforts targeting Mac computer users. In part, the rising popularity of Apple-based peripherals such as the iPhone and the iPod is making the growing Apple platform footprint more financially appealing, according to Sophos. Although malware for Macs has been seen before, financially motivated hackers are now recognizing that there is a viable and profitable market in infecting Macs as well as Windows PCs.
"This is the very first malware done specifically for the Mac rather than the Windows PC. We are still seeing new versions aimed at Macintosh computers since November. So this is very significant," Graham Cluley, senior technology consultant for Sophos, told MacNewsWorld.
Mac Attack Focus
Cybercriminals can target any computer user by sending out spam e-mails containing links to poisoned Web pages they set up and directing unsuspecting victims to malicious code. The Web site can determine if the visiting computer is a Mac or a PC, delivering malware custom-written for the surfer's operating system.
The primary method for snagging Mac users still relies on an age-old social engineering ploy. A Mac user will click on a link to see a video hyped as an exclusive expose of a film or music clip -- or, in some cases, adult-oriented content. The link actually takes the user to a Web site that determines, for example, whether to apply the VLOB virus for a PC or the RSPlug for a Mac, Cluley explained.
"The user still has to install a codec to see the video. That piece of social engineering gets around Mac technology by tricking the user into saying 'yes' to the download," he said. "It uses the oldest vulnerability of the brain. It catches users thinking with their trousers and not their head."
Malware Trends
Malicious Web pages emerged as another trend in 2007, according to the Sophos report. SophosLabs discovered a new infected Web page every 14 seconds, or 6,000 per month.
About one in five of these sites were hacker sites; 83 percent actually belonged to innocent companies and individuals who were unaware that their sites have been hacked. Websites of all types, from antique dealers to ice cream manufacturers to wedding photographers, have hosted malware on behalf of virus writers. Mobile security also became an increasing concern in 2007 as new mobile technologies and WiFi-enabled devices like Apple's iPhone and iPod touch grew in popularity.
"Cybercriminals have begun to notice a trend in consumers' attractions toward Apple Macs during the last year," said Mike Haro, senior security analyst at Sophos. "This trend has led to a number of viruses and malware created by hackers for the purpose of attacking a growing number of consumers who purchase Mac computers. Mac users need to be aware that while the threats that exist right now are few in number, they still need to take adequate measures to protect themselves."
Contributing Factors
The new focus on Mac users was expected for some time. Despite the increased use of Apple peripherals, the attacks so far are targeting Mac computers, not the Apple-made peripherals plugged into them.
"This is a natural progression. Malware is a business today. Those in that business need new revenue streams," Don DeBolt, director of antispyware research at CA, told MacNewsWorld.
The attack methods used to hit Mac users are not necessarily new technology. The attackers are using classic technology and are getting users to install software that is not entirely what it claims to be, he said. Much of it is a reincarnation of existing Windows viruses tweaked for the Mac platform.
Unsophisticated computer users turning to Apple computers are the most vulnerable. Also potentially vulnerable are users rejecting Microsoft's (Nasdaq: MSFT) Vista for the Mac platform on the presumption that no security precautions are necessary. They don't consider the need for the same kind of security that Windows users need, said Cluley.
Platform Vulnerable
Antivirus software developers are now including the Mac platform in products. However, many Mac computer users do not see a need for using them, perhaps guided by an Apple marketing message that implies the computers are totally safe.
"The Mac platform is not completely secure. It never was. But it is a safer place to be. So far attacks are like a raindrop in a thunderstorm when you use a Mac computer," said Cluley.
Viruses for MS Word for Mac and MS Excel for Mac have been around since 1995. While there are no new macro viruses that hide in the macro features of these popular Microsoft word processor and spreadsheet products for Apple computers, old ones are being spread around again, said Cluley.
"Financial malware for Mac users will be the most deadly," he warned.
Hackers are moving up the stack by attacking the IP (Internet Protocol), DeBolt suggested. Hackers are going to the browser. That is where many unaware Mac users will be victimized.
"There is no longer security by obscurity for the Mac user," he said.
Industry Reacting
"Software management companies are taking seriously the increased risks facing Mac computer users. Patch management companies are now including the Mac platform," Paul Henry, vice president of technology evangelism at Secure Computing, told MacNewsWorld. "The Mac computer is entering the mainstream."
It is very evident to security experts that hackers are turning to the Mac platform, he said. Hackers have identified over 30 vulnerabilities targeting Macintosh software. Antivirus software for the Mac is necessary because these threats are not going away quickly, he said.
Henry cited an example from his own recent experience. He was using his Mac computer at home to access an MSN chat when he stumbled on a ruse that attempted to lure Mac users to an infected Web site. A message alerted him that his computer was infected with a type of malware. He was directed to a Web site where he could download the appropriate cure.
"I laughed. The detected malware only runs on Microsoft Windows. They can't run on a Mac Platform. But the situation shed attention to new attacks on Mac users," he said.
A Turning Point
So far, Sophos researchers have discovered what they determined to be the single gang purposely attacking Mac users, said Cluley.
"If they start to make money, they will attract more gangs," he said. "We are not yet expecting to see a tidal wave of attacks directed at Mac users. But clearly, this is a turning point."
So far, the payloads Sophos has detected in these Mac-specific malware attacks are changes to the domain name system in order to direct Web surfers to specific and make money from adware and phishing activities.
"The next jump could be botnets once hackers manage to install the code," Cluley said.
Report Highlights
Sophos' Security Threat Report 2008 disclosed that hackers are turning to a wider use of new mobile technologies, and WiFi-enabled devices may be opening new vectors of attack for hackers. Flaws have been found in the mobile e-mail program and Safari browser installed on these devices. As personal WiFi devices grow in popularity, the risks will likely increase.
Sophos also noted that low-cost, ultra-mobile PCs, such as the popular Linux-based Asus EEE laptop, are likely to gain the attention of the cyber-underworld as sales continue to grow.
"Purchasing the newest technologies does not guarantee that your smartphone or laptop is completely immune to spyware and malware attacks," said Haro. "Any technology with an Internet connection is a potential target for cyber-criminals looking to exploit users for financial gain. Those with WiFi connections need to make sure that they are taking the appropriate steps to password-protect and secure their connection."
The report also noted that in 2007:
More than 50 percent (51.4 percent) of malware was hosted in China, with 23.4 percent hosted in the U.S.
The U.S. was responsible for relaying 22.5 percent of all spam.