Organized Crime Targeting Apple Computers for the First Time

January 31, 2008

Apple LogoWhile it’s nothing new for organized crime to focus on phishing and identity theft, Windows-based computers have traditionally taken the brunt of most attacks. So much so, in fact, that plenty of my Apple friends claimed it as yet another reason to switch to the below-the-radar Mac. Too bad, then, that a report out last week shows that the end of 2007 was the beginning of “financially-motivated” organized crime targeting Apple computers.

Is this good news or bad? After all, it could be taken as a sign of Apple’s success. Macs finally appear to be popular enough that cybercriminals care. However you frame it, check out this call to arms of sorts from Graham Cluley, senior technology consultant at Sophos (the firm responsible for this report):

“Mac users have for years prided themselves on making smarter decisions than their PC cousins - well, now’s the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there’s a chance they could send a clear message to the hackers that it’s not financially rewarding to target Macs. If they fail to properly defend themselves, however, there’s a chance that more cybercriminals will decide it’s worth their while to develop more malware for Mac during 2008.”

So there you have it, Mac users, unite and be as smart as you feel! The report also noted that Wi-Fi enabled devices and other mobile technologies (even mentioning Apple’s iPhone and iPod Touch) are likely to be targeted this year.

Share These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • bodytext
  • del.icio.us
  • StumbleUpon
  • NewsVine
  • Slashdot
  • Facebook
  • Mixx
  • N4G
  • TwitThis
  • Google
  • Technorati
  • SphereIt

Filed Under: Apple, Internet, Privacy, Tech News

Viewing 40 Comments

    • ^
    • v
    I seriously doubt the Mac users will do better at resisting malware Than PC users have. Most Mac users feel so protected because they use a Mac that they'll probably trust even more links than PC users do. Combined with this that Mac OS's default security settings (firewall, wifi, etc) are much more lax than windows can get away with. People have been saying it for years, if Apple got a large enough market share they would face very similar security issues as Windows has.
    • ^
    • v
    The argument of security though obscurity is total FUD. Apple enjoys far greater security because the system is far more secure.

    Paul, the firewall software changed in Leopard, but Mac has always offered far more sensible default configurations than Microsoft, you are seriously confused about that point.
    • ^
    • v
    If that trojan was from organized crime like you say, then they must be retarded. First of all, you had to download this file from a porn site that may or not be real. secondly you had to install it.
    This isn't the first time someone has tried to do this. Most of these so called "trojans" are spread by going to illegal file sharing sites or by going to porn sites from links from obvious rogue emails.

    You can't really blame the platform for idiots that use it and don't know what they are doing. In contrast, you can plug in a PC with XP and leave it online and don't visit any sites and it can get infected.

    Paul, you must have never used a Mac because the Mac's default security settings in Tiger are way better than XP.
    • ^
    • v
    The writer of the article has no idea of the differences between OSX and Windows XP / Vista, that inherently make OSX more secure to begin with. And like most FUD spreaders, they fudge the facts to make their point.

    Note that, so far, all of the supposed infections of OSX have been done by crippling the Mac so that it becomes possible to infect the OS, and usually done through a third party software hole. And note the source of most of the so called vulnerability scares: the companies that make virus protection software.

    FUD. Get a Mac.
    • ^
    • v
    PS- and, unsurprising as it is, today yet another hole is found in Windows:

    http://www.infoworld.com/article/08/01/30/Criti...
    • ^
    • v
    I agree completely with you Paul. A bunch of my friends have switched over to Mac in the past couple years, and they consistently use this excuse and usually I just kind of smirk to myself. The only reason Mac's are more secure is because until recently hackers and other malicious online types didn't care enough to go after them. It's like you said, now that they're gaining more popularity, they will not be as secure as they once were. It's been known for a while that Mac's do not contain the levels of security measures that PC's do and I think in time Mac users are going to find this out. I think Mac's security policy is kind of one of security through obscurity. Keep any security flaws secret...your users dont know about them, the attackers (who dont care...yet) dont know about them....all is well. That's probably going to need to change in the near future.
    • ^
    • v
    Sorry, when i started typing that, there was only one other comment, I didnt see the rest of this. I want to wait and see what others have to say though before I comment further.
    • ^
    • v
    I am an organized criminal, and have used macs almost exclusively since 1984,and I think no one has suffered any ill effects. I believe its good to be a criminal, and better to be an organized one.
    Paul ellis-"I seriously doubt the Mac users will do better at resisting malware Than PC users have.", I advise you to adopt a course of intellectual rigor, perhaps you might think about what you say, and try to relate it to rw.
    • ^
    • v
    Why do people always spout BS like this and show their ignorance? Mac OS X *is* inherently safer. You have to be a major league Windows zombie not to know and accept that. Having said that, I wouldn't be surprised if the first few trojan horses that effectively target OS X fooled a lot more Mac users, because they simply aren't educated in such things, on average. Informed people owe it to them to remind them that there are plenty of entities on the internet that mean people harm, and it's best to avoid helping them hurt you.
    • ^
    • v
    http://www.heise-security.co.uk/articles/98120/1). 'The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, "Block all incoming connections," it allows access to system services from the internet.'

    Ben, 'You can’t really blame the platform for idiots that use it and don’t know what they are doing.' That is exactly what happens to Windows. By far most malware that targets and successfully exploits Windows (XP or Vista) is really a "social engineering" trick. If you can get people to run a program (via P2P, porn, etc) on ANY OS you are going to have a lot more problems.

    'In contrast, you can plug in a PC with XP and leave it online and don’t visit any sites and it can get infected.' That statement is not true. It is only true if you use a pre-service-pack release of Windows XP from 2001. The Windows XP SP2 firewall (which has been out since 2004!) is far more secure than the Leopard firewall.

    Mac may still be safer for the time being, but it is because of obscurity. Even a lot of the praise Linux gets for its security is a result of its obscurity. If the current versions of Mac OS X or Linux commanded 95% market share they would have far more problems with security than Windows XP or Vista.

    Mack520 you might try actually making a point to illustrate my error. I am saying it is a stupid, and completely unfounded expectation that Mac users (who assume they are inherently immune) will be smarter about malware than Windows users. If anything they are ripe for the picking.
    • ^
    • v
    "If the current versions of Mac OS X or Linux commanded 95% market share they would have far more problems with security than Windows XP or Vista."

    This is the kind of ignorance I'm talking about. Security was tacked on to Windows as an afterthought. Security was a prime directive in the creation of Unix. That fundamental difference makes OS X inherently more secure. Windows has holes by nature. OS X has (far fewer) holes because it grew from a platform that is secure by design.
    • ^
    • v
    Interestingly enough, as an IT professional, I read through dozens of IT blogs daily and like an airborne illness, every few days some security "expert" from some completely unknown "security firm" makes the statement that "The Mac's are next".

    I've been hearing that since 1997.
    That line has outlasted most of the security professionals careers.

    The Mac zealots say, not us, the PC guys say, why not you.

    I say, show me something.
    For some reason unknown to me, no one can ever show me a situation where a user opens a e-mail and their Mac turns into a robot sending out hundreds of e-mails every night at 3 am.
    Show me where a user has their password directory or database compromised by some outside hacker without their help.
    Somebody show me something where a Mac gets hacked while the owner is sleeping and no one is using it to "click on something" or authenticate a process.
    Until then, please stop all this "largely unknown security expert" wishful thinking income enhancing nonsense.
    • ^
    • v
    Anyone that believes that malware is easier on Unix than MS's operating system does not or has not chosen to understand the difference. Yes Apple will attract more hackers due to market share rise but it DOES NOT mean it will be as easy for the hackers. If it had one of them with a hard-on would have already made a name. This is an old MS tale to make them feel superior of their choice of OS's. Kinda like whistling in the woods.
    • ^
    • v
    Kenneth, "This is the kind of ignorance I’m talking about. Security was tacked on to Windows as an afterthought. Security was a prime directive in the creation of Unix. That fundamental difference makes OS X inherently more secure. Windows has holes by nature. OS X has (far fewer) holes because it grew from a platform that is secure by design." Not all Unix is created equal. The security of a platform has a lot to do with the vendor that creates and sells it. It is a fact that the Leopard firewall "accepts all incoming connections" by default. It is also a fact that that is not a good security practice. So trying to say that Unix is inherently secure is BS, because it is Apple's security practices that are at play here.

    George, I agree with you that currently OS X is safer, and it has been a long running story that Mac would be next. Do you know what has happened? People always assumed Mac was actually going to grab some significant market share (read: somewhere around 20% or higher) and it hasn't. And if anyone tries to argue that any Mac OS before OS X was secure (going back to 1997?) they don't have a clue. Pre-X Mac OS was a joke: no protected memory, no real user-level access controls, the ability to easily grab any other user account's password, etc.
    • ^
    • v
    One other note, it isn't like I've never been exposed to *nix, or other operating systems for that matter. I'm kind of an OS junkie. I first used RedHat 6.2, and have tried most of the popular flavors (and many unknown flavors) of Linux, even as my only OS on my desktop and laptop. I have used Macs since the SE/30 was a good machine. I ran BeOS for a while (still one of my favorites). I have used various versions of BSD. I even used OS/2 Warp with Windows 3.1 for about 2 years as my only OS.

    Do you know what I've learned from all of this? Every single one of them has very visible flaws, and it is ignorant to act like any of them are perfect. Pick and choose your problems. As for me I actually really like Vista. Although I'm sure I'll get slammed for my personal preference.
    • ^
    • v
    If pre Mac OS X security was crap, then the argument that OS X is secure by obscurity is totally moronic. The fact is I've used macs since 1986. I never used a antivirus program, a d I've never had a problem. Wish all you want mac haters, the Mac is the most secure computer money can buy.
    • ^
    • v
    As a Mac user I suspect that there is probably some truth to the security by obscurity idea. However, there is one incredibly conspicuous Mac that, to my knowledge, has never been hacked. The U.S. Army's web site at http://www.army.mil is hosted on a Mac web server. It would seem to me that this particular site would be a frequent target for foreign and domestic hackers trying to earn some cybercred. See:http://www.apple.com/itpro/profiles/army/

    The army is apparently pretty happy with the performance of their Macs as they have been hosting on the Macintosh platform since 1999.

    Beside that I've never really understood the down side of security by obscurity. I mean if you are more secure, you're more secure right? Who cares why? It's as if you built two houses, one in the country, one in the inner city, the one in the country would probably be more secure for the same reason. I fail to see how that is detrimental to the country house.
    • ^
    • v
    Is the Mac more secure? Probably. Why? God only knows. Will it be more vulnerable to malware attacks because it is becoming more popular? Remains to be seen. The one thing that you can be sure of is that any attacks on the Mac platform will be immediately quashed. Why? Because Mac users pay attention. A Mac attack vulnerability will be disseminated throughout the community, and dealt with rapidly. My guess is that the fanboy tag will finally pay off when the going gets tough.
    • ^
    • v
    Actually, the Mac OS X previous to OS X was pretty secure. (A few worms existed) The US Army used the Webstar web server that ran on the classic Mac OS for some time. The reason for the security? Part of it was that the pre-OS X Mac OS was a from-scratch GUI and had no command line. True, it didn't have preemptive multi-tasking, (or robust memory protection) but the original Mac OS was designed as a single-user OS. That's unlike UNIX, invented when computers were so expensive that everyone had to share the computer and keep their stuff safe and secure from everyone else's stuff.
    • ^
    • v
    "Mack520 you might try actually making a point to illustrate my error." Why? Why would I try to make a point to you?How would I even go about doing so- since reason, logic, deduction, and every other thought process I am familiar with clearly are
    inappropriate. How about try typing fsck -f
    • ^
    • v
    My point wasn't Mac centric, it was more proof centric.

    To my knowledge, there have been exactly zero Mac's compromised without the help of the user to click on something or to authenticate a process.

    I know there have been some attempts, highly publicized dog and pony shows to hack a Mac OS X based server, but I think we're still waiting or someone to actually take control of one.

    If there was a MS or anyone else's OS that had that sort of security success, I would be for that, as well.

    I just get annoyed that every know-nothing blogger falls for and subsequently publishes every "almost known security expert's" Chicken Little statements of an impending security doomsday scenerio that's about to fall on the heads of every Mac admin.

    Just stop with the BS "proof of concept video's" from these so completely unknown security firms showing that if a certain user were to inadvertainly log onto some spoofed portal than perhaps they could get lured into downloading an app that might, just might, with the proper authentication and only after running the app, might actually do something bad someday in the future to someone, maybe...well it could happen, maybe
    • ^
    • v