Macs emerge as virus carriers into Windows networks
Posted on | November 9, 2009 | 1 comment
Are Macs that are allowed to tie into Windows-centric networks posing an emerging security threat?
Yes, contends Timothy Armstrong, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky has become the lastest antivirus company to begin offering an antivirus protection suite for Apple computers.
Other security products already on the market include Mac versions of Norton Antivirus, Sophos Antivirus, PC Tools iAntivirus, Avast Antivirus as well as McAfee ViruScan, Intego VirusBarrier X5, Avast and ProtectMac AntiVirus .
In launching its Mac security suite, Kaspersky contends that there are multiple scenarios by which Web-borne infections could be transferred from a Mac to a PC in a corporate network.
Infections can spread from a Mac to a PC via tainted USB devices, such as memory sticks, iPods, FlipVideo camcorders or Blackberries, or via corrupted Adobe PDF or Microsoft Office documents shared via email. ” In this scenario a Mac user might view a file and not get infected, then forward it to a colleague using Windows who would get infected,” says Armstrong.
Similarly, the prolific spread of bad URLs via email and social network messaging and microblogging at one level is platform agnostic. For instance, a Mac user might be naturally inoculated against malware written for Windows OS spreading via a bad URL in social network messages. But the Mac user, nontheless, could naively forward the bad URL on to his or her Windows-using co-workers, says Armstrong. “Further complicating this issue is the use of URL shortening services on sites such as Twitter, which mask the actual destination,” says Armstrong.
Kaspersky has detected a malicious Firefox plug-in that works on both Mac and PC as well as any operating system that will run Firefox, he says. “This plug-in is a Trojan horse which downloads and installs a spam sending bot written in JavaScript.”
Comments
1 Comment »
RSS feed for comments on this post.
We have often likened Macs to Mary Mallon, otherwise known as “Typhoid Mary” the immune carrier of typhoid fever. We’ve offered Mac protection for some time, simply because we know that Windows threats do occasionally look for SMB shares. Autorun can in theory work, if it’s been created to work as a hybrid.
We are also seeing threats emerging that will run happily on a Mac. Javascript and other scripting languages will happily run on a Mac browser.
The “security through obscurity” argument is definitely growing weaker as time goes on. We at Sophos advocate being prepared.
Beth Jones, SophosLabs
Comment by Beth Jones — 11/10/2009 @ 8:37 am