Expect More Mac Attacks In 2008

Expect More Mac Attacks In 2008


The lazy days that Mac users will be able to enjoy freedom from malicious security threats may be numbered.

As sales from iPhone and Macbook Air continue to bring Apple's market share ever upward, attackers will be poised and ready to exploit the Cupertino-based company's success by executing malicious code attacks on the Mac platform.

While malware attacks are not new to the Mac platform, overwhelming reports have indicated that attackers are increasingly honing in on Macs for large-scale monetary gain -- a trend that security experts say is still relatively new to the platform.

A recent Sophos security threat report stated that hackers have realized there is a "viable and profitable" market ripe for the picking, and are targeting Macs with the same financially-motivated schemes as they did with PCs.

Up until recently Mac users browsed the Web freely with very little worry about infection from a self-replicating Trojan botnet. Meanwhile, their poorly protected Windows-using counterparts had to constantly update their machines with the latest security software lest they be infected by yet another malicious exploit.

Not so anymore, experts say. Researchers detected the first malicious and financially driven Mac attack in November of 2007, when multiple versions of the malicious OSX/RSPlug Trojan horse appeared to be specifically designed to infect Mac computers for the purposes of phishing and identity theft, according to the Sophos report.

"As we see a rise in the volume of malicious attacks, there's the concept that all boats rise with tide. It's inevitable that we will continue to see more Mac -related attacks," said Mike Haro, senior security analyst at Sophos. The enterprise IT security company was recently granted a two-year renewal by hair care giant Conair for its Enterprise Security and Control license for the Mac environment.

"We see an indication that cyber criminals have realized that profit can be generated through Mac OS attacks when leveraging vulnerabilities," added Haro.

While not particularly malicious, another rogue application known as MacSweeper popped up on Macs in late December 2007, which was discovered by researchers at McAfee. The bogus program falsely notified users that something was awry on their computers and then tricked them into paying for a cleanup. While new to Macs, PC users had experienced a similar scam on their machines in years past.

"The more popular Mac OS becomes, and the more that businesses look at it, the more of a target it's going to be," said Dave Marcus, security and information manager for McAfee Avert Labs.

Continuing with recent malware trends, malicious Web 2.0 attacks are likewise crossing the platforms. Sophos researchers maintained that they are discovering 6,000 new infected Web page a day -- roughly translating into one every 14 seconds. About 83 percent of those Web pages are hosted by well-intentioned and unsuspecting companies and individuals, the report said.

However, nothing is sacred anymore, experts maintain. Cybercriminals can target all platforms by spamming out e-mails containing links to malicious Web sites, which can determine if the visiting computer is a Mac or PC, and subsequently deliver customized malware written for the respective operating system.

Echoing the predictions of their counterparts, executives at Trend Micro recently asserted that they also plan to prepare for more attacks that target Macs. "Before, hackers were attacking Windows platform because they hated Microsoft," said Eva Chen, Trend Micro CEO and co-founder.

Chen said that criminals now just want to make money, whether that platform is Macintosh, Linux or Windows. "There is way to get to your information and make money," she said. "Therefore we see more (attacks on) Macintosh mobile devices, Linux, even games."

The answer to this problem might be somewhat of a stretch for Mac users. Protection might entail taking a big bite out of humble pie and learning from the age-old security practices of their PC-counterparts, experts say.

"You'll have to take a page from good PC practices, and install certain levels of security software," said Haro. "What is in store in 2008, or whether we'll see a dramatic rise -- who knows?"