Cybercriminals moving beyond Microsoft to Apple and Linux

Stan Beer
Wednesday, 23 January 2008 07:45

Your IT - Home IT

A new report reveals that in 2007 organised criminal gangs for the first time started attacking Internet connected Apple products with the intention of stealing money. The report issues a chilling warning that the increased popularity of Mac computers and the enthusiastic take-up of net connected products such as iPhone and iPod Touch has its down side.

IT security and control firm, Sophos, says the report shows there is now evidence that hackers are extending their efforts beyond Windows and is warning computer users of all operating systems, including Mac OS and Linux not to be complacent about security.

According to Sophos, malware for Macs has been seen before, but until recently, organised criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available.

However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognised there is a viable and profitable market in infecting Macs alongside Windows PCs.

For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on websites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.

"No-one should underestimate the significance of financially-motivated malware arriving for Apple Macs at the end of 2007. Although Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, their increased attractiveness to consumers has proven irresistible to some criminal cybergangs," said Graham Cluley, senior technology consultant at Sophos.

"Mac users have for years prided themselves on making smarter decisions than their PC cousins - well, now's the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008."