Educause Security Discussion mailing list archives

Re: Adware/Spyware on Mac/OS X


From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Tue, 5 May 2009 10:11:33 +1200

I haven't looked at the spyware list below so can't comment on how many
of these are in the wild. However we have seen a significant increase of
Macs infected with Malware over the past six months. In fact we have
identified several pieces of previously undetected (unreported?) Mac OSX
malware. Ironically we were investigating one such incident the day
Apple released the "Macs don't need AV" video.

A common response we get when investigating Mac compromises is surprise
that the system has been infected with malware. Many users still believe
that they are immune simply by using a Mac. The other problem we have is
that even if AV is installed the users do not check their scan reports.
In one case here this simple task would have alerted the Sys Admin that
their Open Directory server was compromised.

We treat compromises of Macs differently to Windows. Most Windows
break-ins are from malware that simply wants to own the hardware. Mac
break-ins are more often hands-on, much like break-ins in the early days.
The potential for data loss seems much higher as those that break in tend
to have a good look round. Compromised Macs also tend to get used for
underground IRC and other such things so are probably more valuable.

AV products will not stop a brute force SSH break-in. They will however
provide an additional layer of defence for Macs.

Mark

Gene Spafford wrote:

On May 4, 2009, at 12:47 PM, Rowe, Ken wrote:

It appears to be a pretty small list (in comparison to MS Windows).
See http://macscan.securemac.com/spyware-list

But how many of those are really "in the wild"?

--
Mark Borrie
Information Security Manager,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080
