25.09.2011

Viruses and Malware for Mac OS set for dramatic rise in 2012

For years Mac owners have felt secure in the knowledge that the problems of virus and malware are things that only happen to PC users. This era of peace looks set to be drawing to an end, with reports of an increasing number of both malware and viruses targeting Macintosh Operating Systems.

While PC users are still much more likely to fall victim to one of the estimated 40 million malware programs that prey on the Windows operating system, experts warn that a dramatic rise in the number of threats to Mac users is imminent.

The threat of infection is further increased by the secretive nature of modern malware. It's possible that your machine could be compromised and you would be totally unaware of it, because the malware is designed to be hard to spot. It's in the interests of those who design the threats that their malware go undetected, as this gives them long term access to your machine, allowing them to collect data and/or send spam from your computer.

Examples of Infection - The Fake Antivirus

Ironically, an extremely common method of infection is for the malware to be disguised as antivirus software. A recent example of this is the Mac Defender scam.

Fake antivirus software follows a familiar strategy. The user arrives at a website and a popup window informs them that their computer has been scanned and is infected with a terrible virus of some kind. The window advises the user to urgently install some software to clean their system. However, this software will in fact be a virus, and once installed will either bury itself deep in the Operating System and start doing horrible things to the computer, or ask for personal information under the guise of product registration, or even demand payment via a system which will probably allow collection of bank details.

The most effective way to cope with this type of infection is not to install the fake antivirus software in the first place. However some of these pop up windows are impossible to close in the normal way, offering only a 'continue' process with no 'cancel' command.

Dealing with Sneaky Popups

When faced with this kind of stubborn popup, it's possible to close the window by killing the process in the Activity Monitor located in the /Applications/Utilities/ folder. Once you've accessed the Activity Monitor, select the application or task you need to kill, and click on the red 'Quit Process' button in the left corner of the app window. You'll be asked to confirm your instruction and doing so should stop the task. If the process refuses to end at this point, it's possible to then select the 'Force Quit' button which will terminate the target application immediately.

Experts warn that an increase in this type of infection is expected imminently, due to the release of Delphi XE2. Delphi XE2 has been developed to be compatible across Windows and Mac operating systems, and it allows attackers to compile all the fake anti-virus malware they were using to target Windows users for use against Mac OS users.

Examples of Infection - The 'Trojan Horse' and 'Backdoor' software

Trojan Horse malware is named after the famous strategy employed by the Ancient Greeks during their war with Troy. After the citizens of Troy resisted all attempts to penetrate their defences, the Greeks built a massive wooden horse, which they dragged to the city gates as a gift and tribute. They then withdrew. Unknown to the Trojans, the horse was full of Greek warriors, and after the Trojans had dragged it inside the citadel and gone to sleep, these warriors emerged from the wooden horse and opened the city gates to let in the rest of the Greek army, who had returned under cover of darkness. Troy was destroyed and the Greeks won the war. So Trojan Horse malware is a threat that gains access to a computer by lurking inside a file or program the user willingly allows past their defences.

Earlier this month security companies announced that two new Trojan Horse malware programs had been identified that target the Mac. One was designed to look like a Chinese Language PDF, and the other was masquerading as the installation package for a Flash Player to work on OS X Lion.

Trojans - an example, and what to be wary of

The fake Chinese language PDF was actually a program which opened a secret backdoor connection to a remote server, giving access to any compromised machine. This method has long been used to target Windows Operating Systems but this is the first time it has been seen aimed at the Mac. This type of fake file is said to be using a technique called the 'double extension' - in this case using the addition of the characters .pdf to a filename to disguise the fact that it is actually an executable file. The infection procedure here is a two stage process. Activating the fake PDF document does open a PDF for the user, but this is just a cover for the program to also install a Trojan 'dropper' application on the target machine without raising the user's suspicions. This 'dropper' program then installs a 'backdoor' application that connects the compromised machine to a remote server controlled by the attacker. Now the attacker can take any data they wish from the infected machine and insert whatever they like into it as well.
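The 'double extension' disguise described above can be checked for before a download is opened. The following is an added example, not code from the original article: it flags entries whose name carries a document extension while the content or the final extension is executable. The extension lists, function names and sample files are assumptions made for illustration, and the check goes slightly beyond the article's case by also covering names such as report.pdf.app.

```python
import os
import tempfile

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}
DOC_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".app", ".command", ".pkg", ".sh"}

def classify(path):
    """Return 'double-extension', 'disguised-executable' or 'ok' for one entry."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    # Case 1: "report.pdf.app" hides a document extension before the real one.
    if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
        return "double-extension"
    # Case 2: the name claims to be a document but the content is a Mach-O binary.
    if ext in DOC_EXTS and os.path.isfile(path):
        with open(path, "rb") as fh:
            if fh.read(4) in MACHO_MAGICS:
                return "disguised-executable"
    return "ok"

def scan(directory):
    """Map each suspicious entry name in `directory` to its finding."""
    verdicts = {e: classify(os.path.join(directory, e)) for e in os.listdir(directory)}
    return {name: v for name, v in verdicts.items() if v != "ok"}

def build_sample_dir():
    """Constructed sample data: harmless stub files, not real malware."""
    d = tempfile.mkdtemp()
    samples = {
        "invoice.pdf": b"%PDF-1.4\n",                              # real PDF header
        "statement.pdf": bytes.fromhex("cffaedfe") + b"\0" * 12,   # Mach-O magic
        "notes.txt": b"hello\n",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    os.mkdir(os.path.join(d, "report.pdf.app"))  # app bundle posing as a PDF
    return d

if __name__ == "__main__":
    for name, verdict in sorted(scan(build_sample_dir()).items()):
        print(f"{verdict:22} {name}")
```

Pointing scan() at a downloads folder gives a quick first pass; it only recognises Mach-O content and the listed extensions, so it complements an anti-virus scan and does not replace one.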

How to stop them

The first line of defense against this type of infection is simply training yourself to get into the habit of scanning every file you download with anti-virus software before activating it.

Protection Software

If you suspect you have accidentally installed some malware, search engines can be useful for providing ways of both identifying the infection and giving instructions on how best to remove it, but in these increasingly dangerous times we suggest that some form of protection software is a must.

Apple Mac operating systems can include basic antivirus detection software but reports suggest that it is not updated regularly enough to offer adequate protection. Therefore we advise our readers to purchase additional protection, having found that neglecting to do so on grounds of cost can often prove to be a false economy.

There is a wide selection of companies that offer anti-virus products for Mac OS. For the benefit of readers, we've compiled the following list:

Finally, Bitdefender have recently announced software that offers protection for Mac users from social media based threats.