Friday, 25 January 2008

Study: Hackers Extending Efforts from Windows to Mac

IT security and control firm, Sophos, has published its Security Threat Report 2008 examining the threat landscape over the previous twelve months, and predicting emerging cybercrime trends for 2008.

The report reveals that in 2007 organised criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money. With proof that hackers are extending their efforts beyond Windows, Sophos is warning computer users of all operating systems not to be complacent about security.

Sophos experts note that malware for Macs has been seen before, but until recently, organised criminal gangs have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available.

However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognised there is a viable and profitable market in infecting Macs alongside Windows PCs. For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on websites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.

Sophos experts are now discovering 6000 infected webpages every day - one every 14 seconds. 83 per cent of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from antique dealers to ice cream manufacturers to wedding photographers have hosted malware on behalf of virus writers.

Cybercriminals can target any computer user by spamming out emails containing links to the poisoned webpages, directing unsuspecting victims to the malicious code. The website can determine if the visiting computer is a Mac or a PC, and delivers malware custom-written for the surfer's operating system.