Apple Security Risks Growing

As Apple user camp swells, hackers are increasingly targeting malware at Macs, says a new report from security vendor Sophos.

Mac users, get ready to fend off new malware threats: Hackers have set their sights on you, says a report from security vendor Sophos. Until 2007, criminal cybergangs had largely overlooked Mac users for the low-hanging fruit: all the poorly protected Windows PCs available. But as Apple computers gain traction with both consumers and businesses, hackers see potential profit in targeting Macs. And this means Mac users may have a rough year ahead, according to the report.

As an illustration, the report points to the one of the new families of malware attacks seen in 2007: the OSX-RSPlug attack of November, which redirected DNS queries to a compromised website. The site could detect whether a visitor was a Mac or a PC, and launched a custom attack accordingly.

The report emphasizes that hackers unleash malware in the hopes of making money. That's why it's so important to stay properly defended; if hackers don't see ROI on their efforts, they may be less inclined to try for a bite of an Apple. Users need to resist clicking on unsolicited weblinks or downloading unknown code from the Web, says Graham Cluley, senior technology consultant at Sophos.

IT must also think more critically about Apple security in the months ahead. "Now that financially motivated gangs have shown their hand, IT departments should reconsider the level of risk that any unsecured Apple Macs can pose to their overall network security," says Mike Haro, senior security analyst at Sophos. "The same can be said for individual Mac users who to-date never saw the need for anti-malware protection."

Sophos reports discovering 6000 infected webpages every day; 83 percent of these virus-laden sites belong to individuals and companies unaware that their sites have been infected. The report says wedding photographers, antique dealers, art galleries, holiday property websites and other innocent-sounding sites may unknowingly host malware.

Copyright © 2008 IDG Communications, Inc.

Get the best of CIO ... delivered. Sign up for our FREE email newsletters!