Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Infected Mac Computers Worth 43 Cents in Cyber-underworld



 By: Brian Prince
2009-09-25
Article Rating:starstarstarstarstar / 3


There are 6 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
In a talk about the threats posed by Russian malware affiliate networks, a Sophos security researcher reveals an operation offering people 43 cents per Apple Mac they infected. Affiliate networks can generate serious profits pushing scareware online.

New research from Sophos underscores a growing interest in the Mac among cyber-criminals.

In a presentation at Virus Bulletin's VB Conference, in Geneva, Sophos Labs researcher Dmitry Samosseiko revealed a malware affiliate network offering 43 cents per infected Mac computer. The offer was the work of a larger network of Russian spammers, malware authors and businesspeople pushing everything from phony watches to medicationsan alliance he called the "Partnerka."

This goes to show that Apple Macs, which are targeted far less than Microsoft Windows PCs, are not without security threats.

Resource Library:

"Mac users are not immune to the scareware threat," Samosseiko wrote in a paper released at the conference. "In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software. One of the recent examples is Mac-codec.com the site is no longer available, but just a few months ago it was offering $0.43 for each install and offered various promo materials in the form of MacOS 'video players.'"

Earlier in 2009, attackers tried to infect people using pirated versions of Mac software in an attempt to build a Mac botnet. DNS (Domain Name System)-changing Trojans targeting Macs have been reported this year as well.

Perhaps in response to the changing landscape, Apple took the additional step of adding some new malware detection capabilities to Mac OS X 10.6, aka "Snow Leopard," using known malware signatures. If malware is detected, Snow Leopard will recommend moving the file to the trash. 

"Cyber-criminals are interested in money, full stop," Sophos Security Analyst Michael Argast told eWEEK. "The fact of the matter is that users of Windows or Mac machines all buy stuff online, access online banking, have confidential informationand it is that information the criminals are after."

Rogue affiliate networks like the ones outlined by Samosseiko in his paper have the potential to earn attackers serious money. One such network uncovered by Finjan earlier in 2009 reportedly made $10,800 a day pushing scareware.  

At Symantec Security Response, Research and Development Manager Marc Fossi said Symantec hasn't seen any specific advertisements for Mac bots in the cyber-underground, but said attackers are keen to get their hands on whatever they can. Argast echoed the sentiment.

"What we do know is that fake codec Trojans have been increasingly prolific, and we started seeing them pop up for the Mac platform about a year ago," Argast said. "Based on the breadth of the attacks, and variety of sites and malware involved, it is quite probable that affiliate networks like this have been in place for some time, and simply added the Mac as a platform of interest."





  Reader Comments: Infected Mac Computers Worth 43 Cents in Cyber Underworld
>>> Post your comment now!
A user comment on this article
amazingly naive..u must never have read this http://www.itworld.com/mac-hacked-first-in-contest-080327
Posted At: 10-01-09
By: Anonymous
A user comment on this article
just because their market share is (currently) lower than windows doesn't meant that thats the reason there are NO malware or viruses (other than...
Posted At: 09-28-09
By: Anonymous
A user comment on this article
@TT - Windows comprises 86.56% and Mac ~7%... Not large enough to be cost effective to mass target.
Posted At: 09-28-09
By: Pat
A user comment on this article
As a % of the ecosystem, Macs occupy an insignificant niche that is FAR too small to target easily. Until that changes, the threat is minimal.
Posted At: 09-28-09
By: Pat
A user comment on this article
Apples market share is huge and growing... and yes, so far they are immune to the threat, that is unless you install the software... REALLY>?? why...
Posted At: 09-28-09
By: tt
Mac virii
Sounds more like someone is trying to make news. I still do not think that Apple has a large enough market share to warrant serious interest by...
Posted At: 09-26-09
By: Anonymous
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks㶲*Q3Co{)ٖ:,K3ΤJKĘ"uH%{rkĹ;3e$n4wAȅ3&ל۔O]sSãw$5]!2I=*rdz&9%G jL7R>M3|mksu;l{Dwd"|l 4jO40,Pk< Z535ԗmˏ~e0.ZIQ6*6OjZw6(CLeH.( f_ږyD6GH;aT|r QCRTRXVP~FDǎ5~r =k||-x:a+M˟ m׸ڮY'[zkXy!lBP!"B\ςݻHݤoq@ؒI5h mUr#Өbb=wހ]õ]\./RFՌeCstSz3]gԏ 1l{`<E9$7 V:\تZJP'C;)X̠e[G0m_Ϫ| uvs<$s~3 jd1KU zcnK p==\'xtTa[eY7;Ͱ-6@6#M-jZUQ bkG{Q>o9{ۖ3bT;}k[7?ڻPʪ)Jӻl_H C[wn -%;ZAPt'^O.Zaㆷ\`#H |'[oDR*rP8&ȇ Ԙ8b= {3PT㕒~T7jy%R+ iɥzd$i3)N,ԐXۭdji][W^['7bٚXB ji@e$X]3,E%M{#gkr>i>s鐚&(PtXAZ|]mUk_{} &w󁭡LK$o# if\B(PHQ~*nlN}yp!lzYYU'*daeEUis[fEށ:Yx:%eOVЂ)gF8 ,I!e޴$8WG9UGRŪc"%YRS" rOL[ԑApl uu<|P ZG>OtvߧԴPwאQmQޣ8ݘXiI7j0i\+G޺~L߳0}Uԇ5jI t"&q}hs)кyna2B?JlMnP>h^0 hp3*vs`=>ho k :GTZ-[Z6x G͹A 2tq0xzOEȣ$@!"5i]NP@Br68 -4rrޑzZ*&RP*m=!đt݁Z*})QύgR1b -xkb$d6g2KIMiG0-&D7r"eL/G7Mቚ6F5oY,*GV+W& 2,X,ՙxn&i &L@NuPOjHL\TdyJ0sǞ{<*7ȓkQ@̃ 3L+f9{& ./| ` n6O)4sj9`XƄDWj>!4Ӄi5ĽǪlf[̓:L:%qKm:0s k2'y6?>y@,\nGpIN3_iy:epGҶ-o J|z[.z8 9r! xUi!3'Xe ofД S5>I? JLyG)'wJQJJV ZhU檱@d[6[3˦buc"$l JveXZ @-*46@PV ,7:k}:J+_iHH*6@\X3,# %."?ԉW0ZԒ:d6@=pl}F0_\큢K*+jh#aIZObs˖@6@whM dlĖCfx5bz' ЃSf~ou3 ?;ǿGRB/C4H80Vm2`a BSjb35."|W@( KŌеә;˫ʰwZ]v˦Կ~Fl4]Z#歰A= ?0щj*SaA3Y6(T-{ <}6:y*?LRP$X`/#Y% 6(Uȵm>3hugABglV-D:3G.7MX8[φCBE-HxqzS??uPVƮ< J>f} `'\s{.K PŁǨͰZ]zu6$TY(Qܧ&3S3&턇4`Hܸ)cpHl`_t`@B^C &@cZsEk ZC㖪gDܔ7ц&[к|XMOv@eУCjzq~9ë#߬'ppEVVőG@ֽ ?+[+؝?F'hE}耰⢉#H{+E&pӜ)o= =Kj#U0Lj:q~e(Do8`&~)ajY]O]U*jAeW}ZAQYLjB&:(dH4ݣi;J8KjLc(7 7kէό 欮h +RSJb/ 86"uYFvru~E!IhfjV'k-_MeÉ<9CY7Wb-> $Dq 8`Bnu Il\MaGhy;@<몦]}I0YRIpXAYo]a-wS9iz>eZAjTiva*\ Z GqSV|,mǤ_)hYha29BA:hsg8h$l\3b ؑo421y=0SGD]Vl¼h.]>:lf#'-nõ^ 7>q;"c'۝\s6PkjuRRh\U@V 2ˁ; _.7qDzGRUe@5iģT3% y $:-.wEЊQ i&l|&L_e,7;*PfX0ީ˕2p9҃ `kRUGFW9K=XT\SGz8{I1pU JM1H}j"⃨:i2TBE-) 1Co4rh2jk./ 71טޜsb9t[ iz\+pKd38@X<y}bS衧,4Ayq0ݎs{qm'YC.ij2~P+a Pq+ZJ0iUI+T Z} 2fc浕$}/v[EIOS+f+ntC Ϛϸ`_{^7z_In6J墦AkR;~O;a&ұLQ@t@ 27\'WeRU@8J3A6Bs:ǃ[mpD75a)49Re&%k ir2-Ԉx0M8tz' eqc?s<cS7/ZU{  }MMޟ9 |1tc~y ̶I\f}zGW M~H ۪=^f}0cnow/y01Vy?: ?ޫٗT.š J/tD`Si~hy(/ hdzNTHIw1n>dd˙M=/bk5/z~hC'';9ݎi^h_tOk~\/[R1~Jy0#䈠^j^?\8dsrj^7b7 `[&I9:D=Sk!xΰ;m)/5'^rt%Vm՘ n!qdQ6hN؞{k ؿ Bb/31ߐLR# (ʑ-`` Ɉv9:c/;ִB 0BDe,$+e3ғ2M|;mt(6Fыٿz{~i X x4~+0waAbkF+9mԓN۟H‐ Nv*hq_<@#sFg(n2~p A\~j]eԉ(%T \ Gl->; cda(nɐ $ZdeۆnKlx8e%RLɔ&g.p)|Lh'IZV6X(4%!4TŒObCYA*' һj^npPpR. i^ e!>ewqJhIg+y-)EY-V6Ys C>Ax9$y/вO]ZEbݩcsc<Im6(Sf czP'[gYX*40so8d#ޣd=fT_1;&`Y -w>`LذM\g7ZG(Pv4qXx21yA6,\?=[|,Mw[v1veO5i^~&-_ < HtN޼=Foۨ{.l(=~"Gzzy}6 9oJwfk6rK0>oV8i?{ֽsii[nơ8  0(^t,$$yUZ¶fU3$]d%~VxF0M#}%3 Kn^x u4w {{!F.u0sd!ǒtϯ3n8%~WLM-RK"9n㚨p;D)8ÉqR#ybkK`#j>b{k&bi4V;Tf{s̷Lֈu'ȾF}Բ١E|yc,d9a}40[ɱ-ƙJ;mmܭn  ?#B;BJ [_'p5xnWX̣`kYW E L45*du_,vlHG7_IpNg@ҞH>PgA.) %} \rg#X= >e]cݖ@|4O &|TR7B:tj%GbX!;eB.4riw`߱Yhc|~jٛ^`!FgCshBzǗES-Kfw2$g@ZJ )mAS @Iro2 sFk,&, ɰ1s^껫5zCVUt0(,3mpi첆<(f#(9[اwGZcuUcAE/A4pXdoMK<f"P2%U$Y/z15<-[ ܒJw;DpUڑV*j#Fo]ܺE 3'y4aIF4 XnF&e3D1eݦ^03#Jk.U%"C 4XFi&‹=DȜ&k٘@Y_ƚk`O ,$OxقZ/at Vbc+E@[Nm5B+N:!aMH֛Iqe?OZ5yF*=r C R!@=)D/];RI2E ns谪5$ $@OREm{ ڜtM?%!6wcˌwsoAwIU%6y1ST쯀XkER[bADYgG인s۔:-I X{:PR'"bDc,p!P@ J(GP/h18i<#-5;9ee`rBV 5,HW\{3Zj%586DWAby$h逶EoDyo>C˓vZs!!{1, QP~^7˷%<zvFA < X+[ƣF%gf%gfJ&vkCwo9V&Rob}xquuzp`alCۓN]D ZZyӲIp{pv`?T =>a( +!F^d|5 b};D~~~~Vn ޴Z?KݾO`O&{(6ȗ K,H`Г/g w7k'~O]숕x#|7,4v,𵭶v'PeP#<@(S>Lyp$f!gEӃ Z.gmŒ@:wvgJ+vxӏte]̳cɉySe( >쫡t?mhQ̳شd=I^Iq 2&!Zar8R[xv1E1>l5"gS\3Cgظl`4q"o>(kʁV=P,[kNiξChBr|TҐtr'nuE4+up'jg/ 2â="2(&i G)7E; Aoۺpo䭽d?`^tm }^ j~h!<8'ɸQ?^D8j K-V nZew+/cp1b͵#OѭxXEV#'c)qhXgۛWHMt,|%aN)Ȱ^ s()яTmSO67s<.K(aږycWF؃=%hEq!,Q-]EsNV?Ñ:ɩ-{FX)}"Z"'"KIH ]^< ?X2r ʡӼ0kXrS,^J711ƜS[RSs.}KRCj/VZdqK4/ #|Й>&ME(8+3HQ&< {JTHTisROp)x:}nZӪbjă\Oa`=ikr="vC` %L+.қb(q9)lY-TH+(%\B= }GV1-^`wvᮦj+V:(]Lc7x%5Fo[q{e>:bAӹ/!th*nUZtTJuzϋW[ ByFsgyGX^sjz.z{>Ӱ΃-iqo[.04&n'肜Xp,oE"ͨa8̏XJ0[1 K}t%|=+➍XC,U!TQ T~wiUh9mF6h7%-}_!Ƙ#Z)|1_*J@(fiir' o&GxB-S7R(ѪۣV7>2<|WW|%utf#miZc:+>/ } rth7\9P[8@`m̬܏@GBQx{o M- ╙ԓF0+S'B΀!x|tZZ&u}HKm1ARib#3!F fP\Ǎs,zh/ew[= d!/9k qlXț r覾`qf`JcN/Od0W d΃ q.k!E̎Aٟܰno9fH0bCL91ח=0'}A~C:΁ nZjAFF(<"m G=׽nrj&[ք aAr:,jsIA!5Q""1a9=g3bv1K AS}9%o%P` W|83)|>OK&×HO,%"p@3l$V21 Ĕ67+I8F|0vK) &.h`3֙ej sz?> 4鐚)dj,ywF7C'kE9YG71=`3'?vqi.us\jH[Ň$!Ѕ8i,)@"!9͉ k(=a]?X/#~|aЇ8\ ]ZQJP*u!xW`ŪZJ%Pvxc5ڧоvF>ӾH3s/?oNakt2Ƨd;Y v? tw>;d'eF/?AsH?H##靌tˌKˌBfȟ.ȗn|ʠ+(Q:~z^F{^F@ lN1>Atߧ}} dd Q M%:Iʘ g+\8=Rgr z)A^d?e,#@zJ͠2,c2\.2sܾw2~RAm_tO qʕ({^SyښꖽQq뭤Mn@+G{2Th k[ zH2 r hxVYdbd byXe?~VP枔u]CRMz.!{%])2-XѦZ}5_9=U26_d_ (0z "Xr ̭0'ebAZ̤-c@#]~L(٫h.v)f7^pK|􋇎` nsKkr>urxvY͌j7m(!9q}³2N:25OK*WYn- ǡ8[ =Εor'܌3:XZ'kAi]_6/W-љOd닠4t)N(~P+"B74\9ŁS wMmK>@e^u+j>d)? q9mLڸAņoJ/ib+F=}`*\'|wp35<>8M38V "7.@cd߻C!-_!?g)b|+S}&Ճ7S[! >oY^^]>N* X62gx¡ }>uQ0Zq˵d<@T:?hCIǞM'ɱz?[">3oxAR:=bهT{aw9.F&]C?y% ]++.Cp p1.`V/\N}Xv7n+{lb5vg%f]3&2&X|L 1)Q֠}Q^IHm7c@诿aXmt RWB&+3΃x̆I+܉M -g1.=΅}[: 7tgG=םېŚο뚺up/_ۍv fL~ή:TǓx / A:༓ 2ψq #&"5lAw`t{ಁE"} 3 wTt1ˠv3C@/;6cS)GNJph)hF<}y?Z u+ Ŀ?`` \ }wHV&Lt>;Oulם@# d⁜0њSGu`'#~"V[œgхOtO6AQ%7 =[eJʍt/ASt+ 6[ `⎈me@6iZH\*,yf 4vsf῞9;P?Ba2\X$Gx kyjŧSW<߶ZP'r`Vw(l6ږ?Y c/!k8~mA=fy̴+Uradk[f:eP eX m'a׀9V`9H]3H|8N]RnãōHǸ[t[ qz6`<Ш1DLbv)E9btD]T)2ʢ6 9Oߵ3qݼ"î,ۿvyX\hFXg3# cgb@x=_qxF| /ؙ9uRɤ{m ePCik=\+ Eq sXǼVWWRڱ!;r/D;8A ca, ;fcXJ ,oԛŒ'TS*|J> T.v>ϝn,\2Dh\Nقř"?xjeFvdZU]Z-14Mo̓gkV"K0Gg=Zk|XMz\MkÐ{^O!gW Y-1!Dt9)ҡCCĞB4fF) 5P.X]n-'B@: εx C'G%?: } 399.s@OI›}XN1}aFt@t)W.r+ bMd|h\̅{ٗΚCRI>Qv<<~vm a%(U\'ߴkO,ںqS'?~<Œ6҂&!tO[i B"Dw<=m_~Hfz Cɕ/2F#5Uny~o,jepz'14mEcl(3W%5X-lu; ogg/On:%s|N9KIk.^ͦGHFsk&lƷR2cˤ_tl?Vg-