Malware Writers: Will That Be OS X, or W?
Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac.
Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications.
This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the site with a Mac.
Meanwhile, Symantec warned last week that it had detected several blogs that were advertising free, streaming online copies of movies that were just released in the theaters. The lure is once again a fake video plug-in, followed by either a Mac- or Windows-based version of the DNS Changer Trojan.
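A defender can triage for the tactic described above in web proxy logs. The sketch below is an added example, not code from the researchers or vendors named here. It assumes a simplified log format (client, URL, quoted User-Agent), that the sites key on the User-Agent header, and constructed sample lines. The function names and the allowlist are hypothetical; the allowlist exists because legitimate vendor download pages also offer OS-matched installers.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not real traffic): client, URL, quoted User-Agent.
SAMPLE_LOG = '''\
10.0.0.5 http://video-codec.example/watch/plugin.exe "Mozilla/5.0 (Windows NT 6.0; en-US) Firefox/3.5"
10.0.0.9 http://video-codec.example/watch/plugin.dmg "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) Safari/531"
10.0.0.7 http://vendor.example/downloads/reader.exe "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
10.0.0.7 http://vendor.example/downloads/reader.dmg "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) Safari/531"
10.0.0.4 http://files.example/tools/setup.exe "Mozilla/5.0 (Windows NT 6.0; en-US) Firefox/3.5"
10.0.0.4 http://files.example/index.html "Mozilla/5.0 (Windows NT 6.0; en-US) Firefox/3.5"
'''

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+"([^"]*)"$')
INSTALLER_OS = {".exe": "windows", ".dmg": "mac"}  # the two installer types named in the article

def ua_os(user_agent):
    """Coarse OS guess from the User-Agent string; None if neither matches."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "windows"
    if "macintosh" in ua or "mac os x" in ua:
        return "mac"
    return None

def os_matched_installer_hosts(log_text, allowlist=frozenset()):
    """Hosts that served a .exe to a Windows UA and a .dmg to a Mac UA."""
    seen = defaultdict(set)  # host -> OSes that received a matching installer
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        _client, url, user_agent = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        ext = posixpath.splitext(parts.path.lower())[1]
        installer_os = INSTALLER_OS.get(ext)
        if installer_os and installer_os == ua_os(user_agent) and host not in allowlist:
            seen[host].add(installer_os)
    # Only hosts seen doing both are worth a closer look; one installer type alone is too common.
    return sorted(h for h, oses in seen.items() if oses == {"windows", "mac"})
```

Hosts returned are candidates for review, not verdicts: the allowlist of known vendor domains does most of the work in cutting false positives.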
No doubt, threats to Windows-based systems far, far outnumber those built to run on Mac OS X machines. But these latest attacks are interesting because they show that cyber criminals more often now are thinking of Mac users when crafting their attacks.
Each time I write about threats to Mac systems, the comments I receive generally fit into two categories:
Startled: "Yikes! Does this mean I should be using anti-virus software for my Mac??"
Indignant: "Macs are soooo much more secure than Windows!! More sour grapes from a Windows fanboy!"
A couple of responses, up front.
To the Startled: No, I wouldn't recommend rushing out and buying an anti-virus solution for the Mac. Read my preemptive response to the indignant for an explanation.
To the Indignant: It's important to keep in mind that most threats, be they to Windows or Mac systems, no longer leverage security vulnerabilities. Rather, their authors target the desires, whims, and curiosities of the individuals in front of the keyboard. According to Symantec's Internet Security Threat Report covering 2008, the percentage of documented malicious code samples that exploit vulnerabilities declined substantially last year, from 13 percent in 2007 to 3 percent in 2008.
Finally, Security Fix's rule of thumb on software comes in handy regardless of the operating system you're using: If you didn't go looking for it, don't install it. Also, if you can't vouch for the source of it, you're asking for trouble: Always download software from the vendor's Web site whenever possible.
August 24, 2009; 11:36 AM ET
Categories: From the Bunker, Latest Warnings, Safety Tips