IT security and control firm Sophos is warning Apple Mac users
to wake up to the threat of websites hosting malicious code which
can infect their systems, following the discovery of two new
separate attacks in 24 hours. The advice follows the discovery of a
new version of the Jahlav Trojan horse that is being distributed
via a site posing as a portal for adult videos.
Is it safe to surf for porn on an Apple Mac? from SophosLabs on Vimeo. (Also
available on YouTube)
"Although there is much less malware for Mac OS X than there is
for Windows, that's going to be little consolation if your shiny
new MacBook gets infected. Many in the Mac community have had their
heads buried in the sand for too long about the real nature of the
threat," said Graham
Cluley, senior technology consultant for Sophos. "It is
becoming more and more common for hackers to use social engineering
tricks - like telling surfers that they need to download a plugin
on their Mac to watch a video - to weasel their way onto computers.
Some Mac users may have thought that it was safe to surf for porn
on their Apple Mac, but they were wrong."
Sophos notes that the criminal gang behind this malware attack
is targeting Windows computers as well as Mac OS X.
"It would be a big mistake if Windows users felt smug about
their Mac-loving cousins getting hit in this way. The booby-trapped
websites determine if the victim's web browser is running on
Windows or Mac OS X, and serve up malware specifically designed for
the visitor's operating system. Targeting both Windows and Mac
means that the hackers can increase their chances of success,"
explained Cluley. "Once the malware is running on your computer, it
can download further code from the internet - opening the door for
your computer to be infected by scareware, send out spam, or become
part of a zombie botnet. Windows users are used to fighting
malware, but many Mac users are oblivious of the battle taking
place for control of the public's computers."
In addition to Jahlav-C, Sophos also discovered a new version of
the Mac OS X Tored worm yesterday.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.