Malware Keeps Creeping Onto Mac OS X

Malware on the Macintosh platform is nothing new, although it remains a far less common occurrence than attacks on Windows — a fact that Apple and its fans have long been quick to point out.

But the danger of Mac malware continues growing with new attacks now surfacing. Researchers at security vendor Sophos warned about two new threats this week: the e-mail worm OSX/Tored-Fam and OSX/Jahlav-C, an attack that forces malicious code on visitors to a faked adult Web site.

“Although there is only a tiny amount of Mac malware compared to Windows viruses, that’s going to be little consolation if your gorgeous new MacBook gets infected,” Sophos security blogger Graham Cluley said in a blog post. “And sadly we know that many Mac users still believe they are somehow magically immune from attacks.

“As we’ve demonstrated before, and as we’ll no doubt explain again, the Mac malware threat is real,” he added. “Hackers are deliberately planting malicious code on websites, and using social engineering tricks to fool you into installing it onto your computer.”

According to David Perry, global director of education at Trend Micro, the threats are each more than several weeks old. Still, Apple (NASDAQ: AAPL) Mac users need to be aware that such risks exist.

Vendors are also increasingly pushing products to help defend against the threat. Trend Micro released its Smart Surfing product for Mac OS X in late April, though there are only a few threats to Macs, Perry told InternetNews.com.

“We’re fighting five or six things on the Macintosh versus about 30 million on the PC. We get one thing every two seconds for the PC, about 50,000 each day,” he said, although he added that the threat had proven sizeable enough that Trend Micro developed new protections for the platform.

“Automated crime is a horrible thing,” he added. “We found it necessary to produce a scanner for the Mac.”

Part of the danger, Perry warned, is that Mac users won’t know they’re infected.

“There’s the intent to plant a botnet on your system,” he said. “Don’t expect to every see anything that leaves a visual symptom.”

“You will not get a system slowdown and it won’t delete files,” he added. “They just want your credit card number.”

Perry said that the botnet economy makes it possible to attack the Mac OS, but more profitable to attack Microsoft (NASDAQ: MSFT) Windows.

[cob:Special_Report]”If I’m the Russian mafia and it costs me $150,000 to make an attack, should I attack the 97 percent of the market that is Windows or the 3 percent that is shared between Linux and Macintosh?”

Perry added that phishing attacks, which simply require a user to enter valuable personal information into a Web browser, are possible against any platform.

He also noted that the applications that run on a Macintosh can be susceptible to hackers. “A vulnerability means that there is a door left open in a program that permits people to attack it. There are gazillions of vulnerabilities on a Mac.”