
Think your Mac’s beyond malware attack? Alas, those days are gone


Hackers with a commercial eye seem intent on destroying Apple’s reputation as a “malware-free” PC alternative. (Image: Mike Poresky)

For a long time Mac users would look at all the malware (malicious software) that infects Windows PCs and think how fortunate they were that such attacks did not happen to Macs.

But now, it would seem, things are starting to change.

Over the weekend anti-virus software developer Kaspersky Lab announced that a new trojan horse – a program that pretends to be something else while giving control of the infected PC to a remote user – called SabPub, has been spreading among Macs.

The trojan can be spread by one of two methods:

  • by opening a Microsoft Word document that arrives as an email attachment entitled “10th March Statemnet” [sic]
  • by exploiting a vulnerability in Java – a programming language used to create add-ons for web browsers and other applications.

Once activated, the SabPub trojan opens a “backdoor” that allows attackers to gain full access to a victim’s system.

The news of SabPub (or Backdoor.OSX.SabPub.a as it’s formally known) follows the discovery of other Mac malware, including MacDefender, MacGuard and Flashback.

The last of these was found to have infected more than 650,000 Macs worldwide and was spread via a Java “applet” on infected websites.

(Late last week Apple made a standalone Flashback removal tool available for download.)

It would seem we are entering a new era where Mac users are as fair game to hackers as PC users.

Same as it ever was?

In reality, there has never been any fundamental reason why Macs should be immune to viruses and trojans or any other malware. But for a very long time there were some factors that made them a significantly smaller target than the PC.

First, the market share enjoyed by Windows PCs was so much greater than that of Macs. If a hacker was to construct malware that relied on a particular operating system to get around, it was far more likely to land on a PC than a Mac, so it made sense to write it for the PC.

PC and Mac operating systems rely on different architectures and, although both are written in the language C, the version of C used in writing the Mac operating system is more robust than that used on the PC.

Second, for a very long time, PCs ran software that was such an easy target. It was much easier to find exploitable flaws in PC software than it was for a Mac.

We are starting to see more nasties emerge on Macs than ever before. (Image: Dave Delaney)

Windows software, at least in the early days, was not written in a particularly defensive way. Some of the ways the infamous Blue Screen of Death could be forced in earlier versions of Windows – such as the “Ping of Death” where an echo request was sent with a payload greater than 64 kilobytes – seem extraordinarily simple these days.

Third, in the past, Macs tended to be purchased for commercial purposes rather than by home users. As a result, Macs were more likely to have patches applied and software updated than was the case for domestic users.

Finally, there was considerable antipathy towards Microsoft arising from the browser wars that saw PCs being targeted.

Apple didn’t necessarily command the respect and devotion it does today but at least its products inspired less loathing within the hacker community than did Windows products.

All of the above factors are much less the case than they once were. Indeed, the Mac has, to some extent, become a victim of its own success.

There are a lot more Macs around now and the iPad and iPhone dominate the tablet and smartphone markets respectively.

Additionally, Microsoft software seems to be much more stable than it used to be. Blue Screens Of Death may not be a thing of the past, but are perhaps less common than they once were.

Finally, Apple’s reputation has suffered in some ways over the past few years, notably in (possibly untrue) reports about conditions in its manufacturing plants and the company’s involvement in high-profile legal tactics that has not endeared it to the hacker community.

At the same time Microsoft has taken a more relaxed attitude to some mild hacking activity, such as the “jailbreaking” of (overriding the intended limitations of) some of its systems.

And perhaps there is another reason that Macs are increasingly becoming the target of attacks; a reason that’s difficult to prove but worth speculating on.

Hacking has become more of a commercial activity than it used to be. It is interesting that MacGuard and MacDefender attempted to obtain credit card information from users and that Flashback caused infected hosts to join a botnet that could possibly be hired out in future.

It would seem that hackers nowadays are more motivated by commercial gain than ever before.

It would be an ironic outcome if the early antagonism directed toward Microsoft because of its supposedly ruthless commercialism was now directed toward Apple because of the ruthless commercialism of some hackers.

Comments

  1. Paul Richards

    integral operating system

    Phillip - Thanks for the article. Time will tell if the culture at Apple regarding security has serious since change of management. Generally if anyone is concerned with current issues just use Apple updates.

    United States Computer Emergency Readiness Team [US-CERT] has always given unbiased reports of all system vulnerabilities;
    http://www.us-cert.gov/current/

    It is interesting that recent vulnerabilities, reported largely by the Murdoch Group, are based around MS Word and Flash Installer written malware.

  2. k d


    There are some misleading things in this article, and I don't think it's terribly well expressed. Fundamentally all of the malware mentioned in the article are the result of exploiting a single unpatched vulnerability in Java. Getting fully 0wned by the exploit requires the end user put in the admin password (which should be a red flag to many users). The malware is not a Trojan, it's a drive-by download. Trojans on OS X are usually installed when end users install pirated software off bittorrent sites. Finally the technical exposition about C compilers makes little sense to me; I was under the impression that it was because Unix, which OS X has as a basis, is built from the ground up to be multi-user and network aware, and so therefore has some fundamental security features built in, as compared to Windows, where these features were basically an afterthought (and created some interesting historical baggage for them that took at least a decade for them to fix adequately).

    1. Ben H


      In reply to k d

      I agree, the comment about both OS X and Windows being written in C is both irrelevant and vague to the point of inaccuracy, like a lot of the technical claims in the article. (Trojans can only be acquired from Word docs and Java exploits? Really?)

      Apple have a history of dragging their feet with releasing Java updates for OS X, and as their market share has increased it was only a matter of time before the OS X ecosystem presented a viable target for malware authors.

  3. Con Zymaris

    Untethered Polymath

    No computing platform is immune to malware. Even platforms which require digitally-signed executables are vulnerable, let alone general purpose operating systems (OS) such as Windows, Mac OS and Linux.

    Fundamentally, the question isn't: "is my OS vulnerable?", but "is it at the lower end of the scale of risk for malware attack?".

    In general, Mac OS X and Linux are at the low-end. Different versions of Windows are at the higher or high end. This reality occurs for a number of reasons, some of which are outlined in this paper:

    http://cryptome.org/cyberinsecurity.htm

    All that computer users can do is select the most secure platform that achieves their requirements and be vigilant to follow industry best-practice in helping keep that platform and their data safe.

    -- Con

  4. Philip Dowling

    IT teacher

    I certainly agree with :-
    "the market share enjoyed by Windows PCs was so much greater than that of Macs. If a hacker was to construct malware that relied on a particular operating system to get around, it was far more likely to land on a PC than a Mac, so it made sense to write it for the PC."
    I am so old that I can recall that users of Microbees and BBC computers rejoiced if a hacker could be bothered to write a virus for either of these.
    It is hard to comment on "Windows software, at least…

  5. Daryl Deal

    retired

    Hmm, that myth that Apple Macs were invulnerable to computer viruses, key loggers, trojans or rootkits was dispelled long ago in a place called Vancouver, British Columbia.

    Here, since 2007, at an annual CanWest Security conference, computer security whitehats compete in a competition called "PWN2OWN". Guess which computer has been proven the most vulnerable since then.

    History also tells us the granddaddy of all modern computer rootkits/viruses was written to run a pop-up message on the infected Apple ][ computer. Thus Apple computers have always been a target, since the day the TRS80 invaded all walks of life.

    Only a complete fool or a computer noob, with their heads stuck in the sands of denial, would think their computer is invulnerable to any form of attack.

  6. Michael James

    Research scientist

    I've got to say I am not convinced by any of this. The original report/claim comes from a Russian anti-virus site/company called DrWeb, who claimed that up to 550,000 Macs were infected. Next thing this unsubstantiated report is spreading around the media world faster than any virus.

    So far, from reading comments on many of the media stories I have not read a single Mac user who reports being infected. A small sample perhaps but still how does one confirm such stories and how does one get a reliable estimate of infection?

    Sorry, sceptical scientist who has used PCs and Macs for 25 years and never once experienced a virus. Of course I may have benefitted from having institutional network protection, but equally I find scepticism as the first response is generally more likely to be correct.
