Sophos: Cybercriminals moving beyond Microsoft
Posted by Dennis Sellers 
Jan 22, 2008 at 12:41pm
IT security and control firm Sophos has published its Security Threat Report 2008, examining the threat landscape during the previous 12 months and predicting emerging cybercrime trends for 2008. The report reveals that in 2007 “organized criminal gangs for the first time arrived at Apple’s doorstep with the intention of stealing money.”
Sophos is warning computer users of all operating systems not to be complacent about security. The company notes that malware for Macs has been seen before, but until recently, organized criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available.
However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognized there is a viable and profitable market in infecting Macs alongside Windows PCs, according to Sophos. For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on web sites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.
“Cybercriminals have begun to notice a trend in consumer’s attractions toward Apple Macs during the last year,” says Mike Haro, senior security analyst at Sophos. “This trend has led to a number of viruses and malware created by hackers for the purpose of attacking a growing number of consumers who purchase Mac computers. Mac users need to be aware that while the threats that exist right now are few in number, they still need to take adequate measures to protect themselves.”
Sophos experts are now discovering 6,000 infected web pages every day—one every 14 seconds, he says. Eighty-three percent of these web pages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Web sites of all types, from antique dealers to ice cream manufacturers to wedding photographers, have hosted malware on behalf of virus writers, Haro says.
Cybercriminals can target any computer user by spamming out emails containing links to the poisoned webpages and directing unsuspecting victims to the malicious code. The website can determine if the visiting computer is a Mac or a PC, delivering malware custom-written for the surfer’s operating system, Sophos warns.
As computer users wise up to traditional malware attacks, such as email-born worms, Sophos says that the wider use of new mobile technologies and Wi-Fi enabled devices, like Apple’s iPhone and iPod touch, may be opening new vectors of attack for hackers. Flaws have been found in the mobile email program and Safari browser installed on these devices, the company says.
While uptake remains limited, cybercriminals seeking large returns are unlikely to exploit these avenues on a major scale in the near future, Haro says. However, as personal Wi-Fi devices grow in popularity, the risks will no doubt increase, he adds.
The “Macsimum MWSF 2007 Coupon Book” is available for download. You can find it here and print it as a PDF. It has discounts, special offers and promotions.
Robert Pritchett Says:
The fix was posted back on October 2007 by Rob Griffiths -
http://www.macosxhints.com/article.php?story=20071031114140862
Posted on January 23, 2008
Article Information
Comment on this Article Print this Article Email this Article Digg This
Contributor
Dennis Sellers
Dennis has been a newspaper editor/reporter (seven years) and teacher (seven years). He has over 4,000 magazine, newspaper and online articles to his credit. He has also covered the Mac and tech industries for over a decade for such online publications as MacCentral, MacMinute and now MacsimumNews.
dave Says:
Yes, the criminal’s are expanding to attack all platforms that Sophos has support for… Everyone must by their product, “Just To Be Safe(tm)”!
Posted on January 22, 2008