Macs harbor both Mac and Windows malware

Have the predictions made yearly by many security firms finally come true? Will Mac users be forced to invest in a good antivirus solution? According to the latest numbers produced by security firm Sophos, the penny has indeed dropped.

By analyzing the results provided by its Mac AV solution installed on a 100,000 computers included in the sample, its researchers have discovered that one machine out of 36 has Mac OS X malware installed.

75 percent of these installations (unsurprisingly) consist of the infamous FlashFake malware, followed by nearly 18 percent of fake AV installations.

But what’s interesting to note is that apart from getting infected with Mac malware, 20 percent of those machines also harbored Windows malware.

“Although Windows malware on Macs won’t cause symptoms (unless users also run Windows on their computer), it can still be spread to others,” says Cluley and advises users to “be a responsible member of society and ensure that you’re keeping your Mac squeaky clean.”

In the meantime, the decline in numbers of machines enslaved into the FlashFake botnet has been disproved by Dr. Web researchers, who explain that the statistics provided by the hijacking of botnet control servers effected by a number of security firms have not been correct.

“After communicating with servers controlled by Doctor Web, Trojans send requests to the server at 74.207.249.7, controlled by an unidentified third party. This server communicates with bots but doesn’t close a TCP connection. As a result, bots switch to the standby mode and wait for the server’s reply and no longer respond to further commands,” explained the researchers.

“As a consequence, they do not communicate with other command centers, many of which have been registered by information security specialists. This is the cause of controversial statistics – on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots, on the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably.”

In short, the number of affected computers seems to reach 550,000 – nearly as many as those counted when the botnet was first spotted.

It is disheartening to see that all the attention the issue has received in the media and all the downloads of the FlashFake removal tools haven’t made a considerable dent in that number.

Is it that the disinfected computers get easily infected again since the latest variants don’t require any user interaction and are installed onto the systems via exploits of unpatched flaws? If that’s what’s happening, installing an AV solution onto one’s Mac seems to be unavoidable.