Sophos Security: Dump Windows, Get a Mac

Sophos Security has published new research into the past six months of cyber crime.

The Sophos Security Threat Management Report was compiled by the experts at SophosLabs, and reveals that while there has been a vast drop in the number of new viruses and worms being written, this has been more than offset by increases in other types of malware, as cyber criminals turn their attention to stealing information and money.

Most interestingly, new Trojans now outweigh viruses and worms by 4:1, compared to 2:1 in the first half of 2005. In addition, the continued dominance of Windows-based threats has prompted Sophos to suggest that many home users should consider switching to Apple Macs, to shield themselves from the malware onslaught.

Findings show that the most widespread threat from January to date is the Sober-Z worm, which at its peak accounted for one in every thirteen emails. That this worm still tops the chart despite having stopped spreading on 6 January 2006 is itself evidence of the trend away from email virus attacks. Further reinforcing this, only one in every 91 emails was viral so far this year, compared with one in every 35 for the same period in 2005.

The top ten list of malware reported at Sophos’s global network of monitoring stations in the first six months of 2006 is as follows:

Position. Virus – Percentage of reports
1. W32/Sober-Z – 22.4%
2. W32/Netsky-P – 12.2%
3. W32/Zafi-B – 8.9%
4. W32/Nyxem-D – 5.9%
5. W32/Mytob-FO – 3.3%
6. W32/Netsky-D – 2.4%
7. W32/Mytob-BE – 2.3%
8. W32/Mytob-EX – 2.2%
9. W32/Mytob-AS – 2.2%
10. W32/Bagle-Zip – 1.9%
Others – 36.3%

All of the above malware works on Windows; none is capable of infecting Mac OS X.

In contrast to the drop in new worms and viruses, the overall level of malware continues to rise – indicating that spyware, Trojan horses and phishing are now the more favoured methods of attack for cyber criminals. In June 2005, the number of different pieces of malware protected against by Sophos stood at 140,118. A year later, by June 2006, Sophos was identifying and protecting against 180,292 different viruses, spyware, worms, Trojan horses and other malware, as well as adware and other potentially unwanted applications (PUAs). The vast majority of malware continues to be written for Windows, and while the first malware for Mac OS X was seen in February 2006, it has not spread in the wild and has not heralded an avalanche of malicious code aimed at Macs.

“The continuing rise of malware will concern many – the criminals responsible are obviously making money from their code, otherwise they’d give up the game,” said Graham Cluley, senior technology consultant at Sophos, in the press release. “It’s more vital than ever that all organisations use an integrated security solution to protect against intrusion, as well as blocking known and unknown malware. On top of this, hackers seem happy to primarily target Windows users and not spread their wings to other platforms. It seems likely that Macs will continue to be the safer place for computer users for some time to come – something that home users may wish to consider if they’re deliberating about the next computer they should purchase.”

82% of the new threats that Sophos protected against during the first six months of 2006 have been Trojan horses, which cannot spread by themselves and are typically targeted at particular groups of people – the lower-profile attack heightening the chances of tricking users into handing over money or information. However, Sophos’s top ten chart of the most prevalent malware by family shows that the Clagger family of Trojan horses has been spammed out so aggressively that its members collectively account for the eighth most prevalent threat.

The top ten list of malware families reported at Sophos’s global network of monitoring stations in the first six months of 2006 is as follows:

Position. Malware family – Percentage of reports
1. W32/Mytob – 28.7%
2. W32/Sober – 22.6%
3. W32/Netsky – 19.0%
4. W32/Zafi – 9.9%
5. W32/Nyxem – 5.9%
6. W32/Bagle – 4.3%
7. W32/MyDoom – 3.3%
8. Troj/Clagger – 1.3%
9. W32/Dolebot – 1.1%
10. W32/Lovgate – 0.8%
Others – 3.1%

Again, all of the above malware works on Microsoft Windows; none is capable of infecting the Apple Macintosh operating system.

Clagger Trojans have been distributed under the guise of emails from organisations that include Amazon and PayPal. In February 2006, Clagger-G became the first Trojan horse ever to enter the monthly top ten malware chart, and the following month Clagger-I burst in at sixth position.

“These Trojans had to be mass-spammed to millions of email addresses in order to enter the chart, and their prevalence shows that cyber criminals are continually repackaging their malicious code and using spam technology to generate illegitimate income,” said Cluley. “However, most perpetrators now opt for smaller, strategically targeted attacks, which are more manageable and have better chances of tricking computer users.”

2006 has also seen the introduction of a new kind of Trojan horse attack, whereby infected users can find their data and files kidnapped and held to ransom. Deemed ‘ransomware’, users are typically blackmailed into paying to have their data retrieved or risk losing it altogether. Three recent examples include the Ransom-A, Zippo-A and Arhiveus-A Trojans – all of which caused havoc and panic for poorly protected computer users.

“Criminals are constantly finding new ways to get their hands on some easy cash and now they’ve stooped to blackmail,” continued Cluley. “Given these filthy tactics, it’s understandable that authorities are giving out increasingly harsh sentences for crimes of this nature.”

In May 2006, the longest sentence yet handed down for spreading malware went to 21-year-old American Jeanson James Ancheta, who received 57 months in prison for running a zombie network. The pending extradition of British hacker Gary McKinnon to the US is further evidence of authorities clamping down on cyber crime. McKinnon, who hacked into Pentagon and NASA computers, could face decades in jail and hefty fines. Almost every day of 2006 has seen stories break about arrests, trials and sentences relating to internet crime across the globe.

Download “Sophos Security Threat Management Report” here.

MacDailyNews Take: When hasn’t it been time for home users to switch to Macs?




  1. For how long is the question. Slowly, threats are growing on two fronts against OSX – one from the growing use of Windows on OSX, either through emulators (which provides some degree of insulation) and more dangerously through products like CrossOffice and DarWine which can run Win32 code and VBA macros directly.

    The other front being that as OSX gains market share, it may become the target for malware writers. Some have already documented vulnerabilities, not all of which Apple has patched, due in large part to the attitude that OSX is impervious.

  2. Macintosh

    Although the first malware for Mac OS X was seen in February 2006, it has not spread in the wild and not heralded an avalanche of new malicious code for Apple’s operating system. Hackers remain happy to primarily target Microsoft Windows users and not spread their wings to other platforms. It seems likely that Macintosh will continue to be a safer place for computer users to be for some time to come.

    At no point does the report make the statement: ‘‘It is time for home users to switch to Macs.”

  3. But the article does state:

    “It seems likely that Macs will continue to be the safer place for computer users for some time to come – something that home users may wish to consider if they’re deliberating about the next computer they should purchase.”

  4. Some have mentioned that it’s only a matter of time before Macs get attacked with the fury of the Windows platform. My boss, for one, is of this opinion. What these people fail to realize is that while, yes, there will be some successful attacks on Macintosh computers in the future… it will NEVER reach the level of saturation that has been plaguing the Windows world for so many years. Mac OS X is INHERENTLY secure, making it very difficult to write malicious code for it. Windows was written with NO security in mind and has been patched and band-aided through the years to try and fix its shortcomings while maintaining compatibility with all their existing software packages. A task, mind you, that is quite simply impossible. Apple knew it and jumped ship on Mac OS 9 in 2001 and forced everyone into a new and very security-centric operating system based on Unix. It is that foundation, not Apple’s obscure market share, that has kept and will keep the Macintosh platform secure.


  5. People should note that phishing is basically email, not software, so technically, it is not malware.
    And Macs are not immune to them.
    It’s a social engineering gimmick that lures people into revealing their bank account numbers, passwords, eBay log-ins, PayPal info etc. by posing as a legitimate company. They simply design web pages that are identical to the real thing, send you a link and ask you to use it to enter your info.
    The only protection from this malice is a good spam filter and common sense.

  6. The new age of malware will maybe come for Macs, except instead of circumventing the OS, criminals will try to fool the weak spot of the system: the user. All the stuff has to do is convince the user to type in their password (at least half of typical users log in using their initial admin account anyway)… boom, sudo access!

    The problem is, designing security to compensate for user “holes” would require stuff that gets in people’s faces (probably like how Vista does now, except worse).
