1 in 5 Macs Has Malware [STUDY]

Mashable ^ | 24 Apr 2012 | Todd Wasserman

[for-q-clinton]

In a challenge to the prevailing belief that Apple computers are immune to the sort of cyberattacks that plague WIndows-based machines, research firm Sophos has released a study claiming that one in five Macs have malware.

The report, released on Tuesday, is based on a “100,000-strong snapshot” of the millions of Macs that downloaded Sophos’s free Mac antivirus software. The study found that 20% of Macs were carrying one or more instances of Windows malware.

Such malware doesn’t cause symptoms unless the Mac owners run Windows on their machines, but it can be spread to others.

However, this doesn’t appear to be solely a Windows-based problem. The report also found that 2.7% of Macs were infected with Mac OS malware. The majority of such Mac OS malware is composed of fake antivirus attacks, like the recent Flashback botnet. Mac owners can contract such malware by downloading email attachments, visiting rogue websites and unknowingly installing it via their USB drive. The chart below provides a breakdown of the types of Mac OS malware:

To avoid downloading such malware, Sophos recommends running an antivirus program and keeping it up to date, exercising caution about which links you click on, keep software patches current and keeping an eye out for email-based scams.

[dayglored]

> Looks like Mac users may want to consider running Windows 7 to secure their machines.

And in case your Apple-hatred-soaked brain can't remember what you said that started your TROLLING spree, it was the above crap.

Troll.

[dayglored]

Swordmaker: I'm really astonished at this thread. Crap from start to finish, with a false premise and nothing but innuendo. I thought 4Q had more brains than this. What a lousy excuse for trolling.

4Q: Please return to your less-laughable earlier attempts at trolling and Apple hate threads. This one's a loser. Dude, you're really slipping.

[Swordmaker]

You mean like you lump windows XP with win7?

Why not, when Windows XP is the majority operating system out there... I just provided PROOF!

YOU lump OSX Lion and Snow Leopard with All OSX operating systems when Snow Leopard IS the majority OS for Apple now.

[Swordmaker]

Let's look at RSPLug Trojan now... the one accounting for 5.5%... WOW that one is really scary for us Mac users... here is what Symantec says about it:

Discovered: October 31, 2007
Updated: November 2, 2007 7:14:05 AM
Also Known As: OSX/RSPlug-A [Sophos], OSX/Puper [McAfee]
Type: Trojan
Infection Length: Varies
OSX.RSPlug.A is a Trojan horse that runs on Macintosh OS X and changes the DNS settings on the compromised computer.

For further information please read: The Double Attack: Windows Attack and now also Mac Attack Antivirus Protection Dates

Initial Rapid Release version October 31, 2007 revision 051
Latest Rapid Release version April 17, 2012 revision 007
Initial Daily Certified version November 1, 2007 revision 003
Latest Daily Certified version April 17, 2012 revision 019 Initial Weekly Certified release date November 7, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage
Damage Level: Low
Payload: Modifies the DNS settings on the compromised computer. Distribution
Distribution Level: Low

Writeup By: Stuart Smith

Did you NOTICE the "Number of Infection"? ZERO to 49? That was true because the number in the wild was actually ZERO! None were ever found to have infected a Mac in the Wild... it existed in the wild, but it DID NOT WORK! That takes care of this one... they find it in emails... but it simply DOES NOT WORK... and in fact, it would have only worked, if it did, on PowerPC Macs...

[Swordmaker]

As for Trojan/OSX/JahLev, this was a "Yes, With Love" Trojan candidate that was SENT to F-Secure labs as a proof of concept back in November 26, 2008... and was NEVER seen in the wild. No other AV site ever saw it. IT never worked and the JAHLEV website it supposedly linked to never had any "malicious files" or any other files ever on it. In fact, Symantec does not even have a listing for it. The only thing found on searches on Macs are mention of its in files, which are removed... for safety purposes. The actual "trojan" is about 400 Bytes in length and was considered a joke at the time. IT is a joke... strange that Sophos finds it on 1.2% of Macs scanned. The other 0.4% are old stuff that literally doesn't pose a threat.

I've already covered WHY the 75.1% hit of the OSX/Flshplyr gets seen at all now... because Sophos disables the built in Apple anti-Trojan software to see anything at all!

[TXnMA]

...but his Microsoft paycheck makes up for it...

[zeugma]

Emacs is an operating system pretending to be an editor.

[af_vet_rr]

I know of two people who got the Flashback trojan, but like I said in the other thread, they both had teenagers they aren’t monitoring, and it’s likely those teenagers visited the wrong sites or downloaded the wrong software.

[dayglored]

> Emacs is an operating system pretending to be an editor.

Over the years I've used Emacs (both the Gnu and UniPress varieties), vi, DEC's EDT, MicroEmacs, Nano, TextPad, UltraEdit, and a dozen lesser varieties. And I've not only used ed when vi wasn't available... I wrote a line editor similar to ed for a system that had no editor at all.

But none compare to Emacs in terms of pretension.

Emacs is a committed lifestyle masquerading as software.

Emacs is a philosophy of life masquerading as a religion (in which Richard Stallman is God).

Emacs is the only editor with an associated 12-step recovery program.

(To be fair, Emacs is not, however, the only -software- with an associated 12-step recovery program. Consider Second Life...)

[brytlea]

It’s funny, I always had PCs and got a Mac last year. After a day I really loved my Macbook and now also have an IPad (my husband’s hand me down). I really like them both. Of course, I don’t care at all what anyone else chooses to have, as I think everyone has different needs and different tastes in what works for them.
But I never thought a Mac would be my preference. For me, I just like the way it feels and works. Hard to explain. Of course, it helps that I haven’t had any trouble with it at all. And it gets a LOT of use. Now I hope I haven’t jinxed it! :)

[brytlea]

I like Imovie except I have some videos made by a machine I got that converts VHS tapes to DVD and it cannot read that format. I think have to get another software called Toast to convert them. But otherwise, I have really liked Imovie. I did have to find a little work around for some older .mov files from my Kodak Easyshare, but someone had posted how to do it out there on the vast and wonderful internet. :)

[SunkenCiv]

I didn’t realize there were that many with Windows installed on a partition.

[zeugma]

But none compare to Emacs in terms of pretension.

Emacs is a committed lifestyle masquerading as software.

Emacs is a philosophy of life masquerading as a religion (in which Richard Stallman is God).

Emacs is the only editor with an associated 12-step recovery program.

 LOL!

I must admit that I've never actually spent enough time attempting to learn emacs to give it a serious chance. vi is everywhere, which is the main reaon I've taken the time to learn about 10% of its features. You can't necessarily depend upon emacs being on a system, so it's not nearly as useful to me.

I really liked Textpad too. Still have a license file sitting around somewhere for it. I started using it because they used to have Brief keybindings, which I was really into for quite a while after I finally had to give up Brief, which was, by far, the best editor I have ever used. vi comes close, but Brief is the standard I measure everything by. The scripting language alone that came with Brief was awe inspiring.

Any other fans of Brief (by Underware - before Borland bought it and promptly let it die)?

[dayglored]

I'm mainly using vi these days, for the same reason you state -- ubiquity -- and the fact that it runs great over a slow network with nothing but an 80x24 xterm. And likewise, I learned about 10% of its features and do just fine. :) Most of my vi editing is system config files and logs, and it's super for that.

Granted, my early years with modeless editors like Emacs and EDT cause me to consider mode editors such as vi some lesser entities. And at one point, I'd been using EDT on DEC VAXen for so long that when I transitioned to non-DEC gear and lost EDT, I grabbed the source for MicroEmacs and wrote what I called "EDTmacs" -- Emacs under the hood, but with support for the EDT commands and keypad commands. And since it was portable C, it ran on half a dozen different systems, including MSDOS and MacOS (given a programming environment).

Raw Emacs was never actually my favorite -- I always redefined everything to match my idea of a Good Time.

Ah, Brief! Yes, I used and enjoyed it!

And BTW I forgot to mention Nedit, which I use on my NetBSD Unix and various Linux systems with X11 support. Very handy.

[antiRepublicrat]

The truth is that these macs are probably running XP a decade old OS. If they ran win7 they’d be a lot better off.

Most of them probably aren't running any Windows. I have hundreds of Windows viruses on my Mac, all sitting in the Junk and Trash folders in Mail, attached to spams targeted at Windows users. My XP, 7, 2003 and 2008 instances in an internally networked VM on the Mac don't have any viruses, but then they don't get much contact with the outside world either.

[Hodar]

I don’t work for, nor have any stake in any anti-virus software company.

Most Windows users actually do install, and run anti-malware software packages. There are many good, FREE and easily used packages out there (Ad-aware, Spybot, MSFT Internet Essentials, Malware Bytes to name a few)in the Windows market.

Mac OS, because it’s based off the Darwin kernal; has enjoyed a very secure OS - due to it’s inherently more secure Unix background, but also due to it’s relative “obscurity” in the market. If you are a malware hacker, it’s easy and smart to go after the large targets. However, the large targets (Windows) are savvy to virus, trojans and other malware attacks. Therefore, being aware of them, they take steps to prevent being infected.

Then we have people like you ... who are woefully ignorant of malware. Now, I really don’t care if you get infected and lose everything you have on your drive. Ignorance coupled with stupidity should be painful. However, your ignroance will likely infect some other innocent user.

Apple is now a big company, and the Macs are getting dominance (up from 3% marketshare and approaching 15%). And the folks who write software that expands the capabilties of the OS do not have a vested interest to make these add-ons security-safe. I offer Adobe Flash (historically the #1 vulnerability that has allowed viri into the Apple OS) and Java (the largest recent Flashback trojan) as examples. Chances are very good you have both Java and Flash installed on your Mac. Unless you have updated your Mac OS AND updated your Adobe and Java installs - you are vulnerable. And that is just what is known of today. Tomorrow there will be more.

So, if you feel like getting the “sad Mac” at boot, and losing everything on your disk - that is your decision - and a stupid decision it is.

There are FREE Mac malware programs. Sophos makes FREE anti-malware software, Malware bytes, PCTools iAntivirus and others will all do what you want - free of charge.

The days of security through obscurity are gone. If you want to lose everything on your Mac that you hold dear - that’s fine. Then, you can explain to your family members who also use a Mac why you infected them, because you were too stupid/lazy to protect your system. Malware can forward itself to everyone in your email address book, send your personal information (such as any credit card info from any online purchase) to some criminal’s email drop box, then to help cover their tracks - destructively format your hard drive. By the time you figure out that your account has been compromised, it’s been cleaned out.

[ShorelineMike]

Another long-time vi fan here … but I also remember brief.

It appears that basic (free) and professional (paid) versions of Brief are still available from the BriefEditor website.

We now return to your regularly scheduled Macintosh thread. (LOL.)

[B Knotts]

But vi isn’t even an editor, when you first start it.

With Emacs, you start it, and you can edit. You don’t have to first put it in “edit mode.”

[kevkrom]

With Emacs, you start it, and you can edit. You don’t have to first put it in “edit mode.”

I refuse to use an editor that I can actually use as my login shell. Vi is a great editor if you're going to use it every single day, but I'd never recommend it for someone who only uses it occasionally.

[B Knotts]

I refuse to use an editor that I can actually use as my login shell.

I have done that, just as an experiment. Not very practical, but certainly possible.