In association with heise online

25 September 2009, 12:14

Apple infections still not profitable for criminals

According to a presentation from Sophos virus specialist Dmitry Samosseiko at the Virus Bulletin 2009 conference, Apple’s Mac OS X operating system is still unprofitable as a platform for malware. Samosseiko, head of Sophos' virus lab in Canada, reached this conclusion after monitoring a "Partnerka" network involving hundreds of dubious Russian websites that disseminated malware, forged goods, pills and functionless virus scanners. Typically the malware was designed to infect other systems in order to use them to send out spam email and to act as a Web server for fraudulent offers.

Samosseiko said that at the beginning of the year he noticed a website (Mac-codec.com), now offline, where infected Mac systems were going for 43 cents, at a time when Windows systems were worth 50 to 55 cents. An insufficient number of infections means it's not profitable to continue to operate a dedicated trading platform. Samosseiko says the figures indicate that, although including Mac platforms in their bot networks isn't particularly profitable for the criminals, they clearly do have an eye on Apple's operating system.

The figures can, however, also be interpreted in other ways. Usually, criminals try to get Apple users to install fraudulent video codecs, which actually contain malware. Up to now, if there have been any significant waves of such attacks on Macs, they have gone unreported. In itself, that may only mean that few Mac users use a virus scanner, and where nothing is detected, there can be no statistics. Interestingly, Apple has added malware protection to the current version of Mac OS X, which at least issues a warning if RSPlug or iWorkServices, two Mac Trojans, are about to be opened.

Samosseiko’s complete report entitled "The Partnerka – What is it and why should you care" (PDF) is available to download.

(crve)

Permalink: http://h-online.com/-812300
 

