Macs emerge as virus carriers into Windows networks
Posted on | November 9, 2009 | 2 comments
Are Macs that are allowed to tie into Windows-centric networks posing an emerging security threat?
Yes, contends Timothy Armstrong, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky has become the lastest antivirus company to begin offering an antivirus protection suite for Apple computers.
Other security products already on the market include Mac versions of Norton Antivirus, Sophos Antivirus, PC Tools iAntivirus, Avast Antivirus as well as McAfee ViruScan, Intego VirusBarrier X5, Avast and ProtectMac AntiVirus .
In launching its Mac security suite, Kaspersky contends that there are multiple scenarios by which Web-borne infections could be transferred from a Mac to a PC in a corporate network.
Infections can spread from a Mac to a PC via tainted USB devices, such as memory sticks, iPods, FlipVideo camcorders or Blackberries, or via corrupted Adobe PDF or Microsoft Office documents shared via email. ” In this scenario a Mac user might view a file and not get infected, then forward it to a colleague using Windows who would get infected,” says Armstrong.
Similarly, the prolific spread of bad URLs via email and social network messaging and microblogging at one level is platform agnostic. For instance, a Mac user might be naturally inoculated against malware written for Windows OS spreading via a bad URL in social network messages. But the Mac user, nontheless, could naively forward the bad URL on to his or her Windows-using co-workers, says Armstrong. “Further complicating this issue is the use of URL shortening services on sites such as Twitter, which mask the actual destination,” says Armstrong.
Kaspersky has detected a malicious Firefox plug-in that works on both Mac and PC as well as any operating system that will run Firefox, he says. “This plug-in is a Trojan horse which downloads and installs a spam sending bot written in JavaScript.”
Comments
2 Comments »
RSS feed for comments on this post.
We have often likened Macs to Mary Mallon, otherwise known as “Typhoid Mary” the immune carrier of typhoid fever. We’ve offered Mac protection for some time, simply because we know that Windows threats do occasionally look for SMB shares. Autorun can in theory work, if it’s been created to work as a hybrid.
We are also seeing threats emerging that will run happily on a Mac. Javascript and other scripting languages will happily run on a Mac browser.
The “security through obscurity” argument is definitely growing weaker as time goes on. We at Sophos advocate being prepared.
Beth Jones, SophosLabs
Comment by Beth Jones — 11/10/2009 @ 8:37 am
This is a rather biased way to report what the essential truth regarding USB and malicious URL infections. Start with USB:
- malicious code can be written onto removable media from *any* OS. This includes Win*, MacOS, eReader, and handheld/PDA devices that have USB ports
- the best protection against this attack is to employ antivirus scans on removable media when they are connected to your machine
- even the best protection (AV) is not 100% reliable
Now consider malicious URLs. This is a mail client and user behavior exploit (forwarding mail), not a cross-OS exploit. Antiphishing measures in mail clients can mitigate this but again, not entirely.
Let’s deal with fact, not FUD.
Comment by Security Skeptic — 10/6/2010 @ 9:06 am