This post is contributed by Paul Sabanal, Researcher for IBM X-Force.
My colleagues at X-Force and I have been paying pretty close attention to Mac malware lately. In fact, we predicted in the IBM X-Force 2011 Annual Trend & Risk report that we would start seeing even more Mac malware in 2012, and that it would begin to resemble its Windows counterpart. Turns out we were right.
What’s interesting to us is how this malware is being spread. If you read the last report, then you know that the first variant of Flashback appeared back in September 2011. Although a number of variants have been released since then, what is different now is how successful some new delivery methods have been.
No longer are attackers relying just on social engineering tactics to lure targets into downloading malware. Now we are seeing drive-by download techniques that have been commonly used to spread Windows malware for years. Some of this was accomplished by modifying WordPress blog sites and posting redirect links to sites where the exploits resided.
We’ve discussed in the past how technically difficult it is to exploit OS X software compared to Windows software. This has long been a major factor in the prevention of mass exploitation. But Flashback works around this by using multi-platform exploits through Java vulnerabilities. That makes the exploit techniques, and most of the code involved, the same – regardless of whether the target is a Mac or Windows machine.
We are going to continue to keep our eyes on this – and we’ll report back here as new developments unfold. If you are interested in Mac malware, we go into a lot more detail on the subject, as well as another major development we’ve been seeing (instances of advanced persistent threat malware, for example), in our latest X-Force Trend and Risk report. I encourage you to download a copy and read all about it.