New threats targeting Macs

Johannesburg, 06 Jan 2009

2008 saw a number of new threats targeting Macs, according to a report by Intego, titled the “Year in Mac Security Report”.

In November, Apple updated a document suggesting that Macs should run anti-virus software, but later withdrew the document as perceptions that Macs were particularly vulnerable to malware grew.

This cautious approach to its vulnerability to malware could have contributed to the growth in attacks on Mac users. According to the report, “some of the more serious issues today are those related to flaws in software and in operating systems” and “like other vendors in the market, Apple's Mac operating system is often found to contain vulnerabilities”.

The report reveals that Mac users have experienced far more security problems in the past two years than in previous years. In 2008, Apple issued 35 security updates for Mac OS X, QuickTime, Safari, the Apple TV, iPhoto, iLife, the iPhone and iPod touch. While this number may be down from the 38 security updates issued in 2007, it remains high compared to the 22 updates issued in 2006 and 23 in 2005.

According to the report, one of the most common forms of malware seen in 2008 was the RSPlug Trojan horse - with a number of variants reported over the year. The original RSPlug Trojan horse installed software called MacCodec. Variants of this malicious program were first seen in April.

The report reveals that, in June, a new Trojan horse, OSX.Trojan.PokerStealer - which gained access to Mac operating systems when users entered the administrator's password - proved even more dangerous as malicious users could take control of the operating system, delete files and even damage the operating system.

In August, a malware program, called OSX.Lamzey.A - which was claimed to open a back door, which gives hackers remote access, on compromised Mac computers - was reported. In November, another variant of the RSPlug Trojan horse was discovered, this one even more malicious than the ones before it.

According to the report, this Trojan functioned as a “downloader, which contacts a remote server to download the files it installs and in the future, the downloader may be able to install other payloads than the one it currently installs”.

Scareware was also featured in attacks on Mac users. According to the report, “several scareware programs were released throughout the year, in an attempt to frighten Mac users into buying bogus security software. This was a Mac version of a common Windows scam - selling software that claims to keep you safe, but actually scams you”.