
January 26th, 2009

Mac malware will become endemic amongst high-risk groups

Posted by Adam O'Donnell @ 10:34 pm

Categories: Anti Virus, Apple, Malware, Viruses and Worms

Tags: Apple Macintosh, Trojan Horse, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Adam O'Donnell

Two Mac trojan outbreaks were spotted in the past week, leaving several people, including me, wondering whether the tipping point for the Mac malware epidemic has arrived. Frankly, I don’t know, but I tend not to think so. I do think, however, that Mac malware will now become endemic amongst high-risk groups such as file-swappers.

This past week, a trojan claiming to be the latest iWork release was spotted on file-sharing networks. Shortly thereafter, a similar trojan was sighted masquerading as a crack for Photoshop CS4. Both events are making some people question whether the Mac’s long tenure as a malware-free system is coming to a close, and whether it is time to face facts and install AV software.

The short answer is that if you are a relatively well-behaved computer user, probably not. Mac malware is not endemic amongst the general population due to these events. The trojans of the past week are not self-propagating beyond the high-risk population, namely file swappers, and are relatively easy to find, analyze, and remediate. This is in stark contrast to PC users who have been hit with the Downadup/Conficker worm, which propagates via three orthogonal vectors, includes one remote exploit, and actively prevents you from visiting websites that contain remediation tools.

I do think the relatively halcyon days of malware-free Macs are coming to an end. Anyone who is currently infected by the new malware will remain infected unless a person intervenes directly, because there is no automatic mechanism for identifying and removing malware. That means there is a non-zero population of Mac users who are now compromised and will remain compromised unless they either clean their machine or buy a new system. Sounds familiar, right?

The question I want answered is whether the monetization rate of compromised Macs is sufficient for the malware authors to continue to pursue the platform. If not, these events will be a blip on the radar; otherwise, Mac owners had better keep their Time Machine backups up to date.

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He is currently the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.


