Macs under attack?

It's arguable that the recent Flashback Trojan episode has been the tipping point when it comes to changing the face of the Mac security threatscape. But who is targeting OS X and iOS devices, how are they doing it and should the average business user be worried? Davey Winder investigates...

As many as one in five Mac computers harbours some kind of malware infestation, according to research by security giant Sophos. That includes Mac-specific threats as well as the more usually thought of Windows malware hitching a ride on any computer that will transport it.

At present, its cool and trendy image outweighs the security concerns for the individual but not for the businesses that are trying to manage BYOD.

Some 100,000 Macs running its own anti-virus software were analysed by Sophos, which found that around one in five were carrying some kind of Windows Trojan waiting to spread somewhere they could execute and cause damage. More worrying for Mac users, however, was the revelation that one in 36 were also found to be carrying Mac OS X-specific malware infections.

Sophos’ Graham Cluley isn't wrong when he suggests that Mac users "need a loud wake up call about the growing malware problem."

There has, for far too long, been something of the ostrich effect in play when it comes to security problems and Apple devices: bury your head in the sand and the problem will not impact upon you seems to be the order of the day, even from Apple itself. Indeed, visit the Apple Store website and prospective purchasers are assured that they can "Safeguard your data. By doing nothing" and told that it's "thanks to built-in defences in Mac OS X that keep you safe, without any work on your part." But is that accurate? The evidence would seem to be mounting that no, Apple, it is not. Not any more, in any case.

Take the recent Flashback Trojan infection, which spread to more than 600,000 Apple computers running Mac OS X, for example. According to Russian AV outfit Dr Web, it spread disguised as an Adobe Flash Player installer, with 56 per cent of the infected machines being based in the US and around 13 per cent in the UK. Upon execution it asks for an admin password and attempts to infect the system; whether that password is given determines the route to infection taken.

A successful infection ends with the web content displayed by the browser being modified, redirecting users to malware or scamware sites. The Flashback Trojan accounted for some 75.1 per cent of the infections spotted by Sophos.