Rather deceptive graphic. It says “Top Mac OSX malware found on Mac computers”...
Sophos 7-day snapshot of 100K Macs... What it appears to try to say is that 100% of Macs have malware... and the chart is breaking that down by the kind of malware. Yet it gives no information about where or how this “snapshot” was obtained... is it a blind guess in the dark? What 100K machines? Are they machines that are running the latest version of OSX with all updates? Or are these machines running older versions of the OS (that likely don’t have any patches)? Also - it doesn’t say infected, which would imply code that is active.
As I seriously doubt that Sophos has a Mac farm with 100K machines to test... where do they get this information? Are there 100K Macs with Sophos software installed?
I am looking for empirical data. Not guesses based on rumors and he-said, she-said or big claims by a company that has LOTS to gain by reporting such “findings”.
for-q-clinton, the OSX/FakeAV is the Mac Defender scareware that was sent out last year... a dead issue. It was also sent out as an email... under the false impression from its authors that, like Windows, it would be auto-run from the Apple Mail app. It could not. Hell, I have some of those emails on my computers... they are laughable. If I click on them, the System warns me they are a Trojan. That accounts for 17.8% of the “found” malware. Enough said.
Did you NOTICE the "Number of Infection"? ZERO to 49? That was true because the number in the wild was actually ZERO! None were ever found to have infected a Mac in the Wild... it existed in the wild, but it DID NOT WORK! That takes care of this one... they find it in emails... but it simply DOES NOT WORK... and in fact, it would have only worked, if it did, on PowerPC Macs...
Discovered: October 31, 2007
Updated: November 2, 2007 7:14:05 AM
Also Known As: OSX/RSPlug-A [Sophos], OSX/Puper [McAfee]
Type: Trojan
Infection Length: Varies
OSX.RSPlug.A is a Trojan horse that runs on Macintosh OS X and changes the DNS settings on the compromised computer.
For further information please read: The Double Attack: Windows Attack and now also Mac Attack
Antivirus Protection Dates
Initial Rapid Release version October 31, 2007 revision 051
Latest Rapid Release version April 17, 2012 revision 007
Initial Daily Certified version November 1, 2007 revision 003
Latest Daily Certified version April 17, 2012 revision 019
Initial Weekly Certified release date November 7, 2007
Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Payload: Modifies the DNS settings on the compromised computer.
Distribution
Distribution Level: Low
Writeup By: Stuart Smith
I've already covered WHY the 75.1% hit of the OSX/Flshplyr gets seen at all now... because Sophos disables the built-in Apple anti-Trojan software to see anything at all!