Hackers pay 43 cents per hijacked Mac

Computerworld - A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.

In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."

But Samosseiko also said he had uncovered affiliates, which he dubbed "codec-partnerka," that aim for Macs. "Mac users are not immune to the scareware threat," said Samosseiko in the research paper he released at the conference to accompany his presentation. "In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software."

One example, which has since gone offline, was Mac-codec.com, said Samosseiko. "Just a few months ago it was offering [43 cents] for each install and offered various promo materials in the form of Mac OS 'video players,'" he said.

Another Sophos researcher argued that Samosseiko's evidence shows Mac users, who often dismiss security as a problem only for people running Microsoft's Windows, are increasingly at risk on the Web.

"The growing evidence of financially-motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news -- especially as so many Mac users currently have no anti-malware protection in place at all," said Graham Cluley, a senior technology consultant at U.K-based Sophos, in a blog entry Thursday.

Mac threats may be rare, but they do pop up from time to time. In June 2008, for example, Mac security vendor Intego warned of an active Trojan horse that exploited a vulnerability in Apple's Mac OS X. Last January, a different Trojan was found piggybacking on pirated copies of Apple's iWork '09 application suite circulating on file-sharing sites.

Mac OS X's security has been roundly criticized by vulnerability researchers, but even the most critical have acknowledged that the Mac's low market share -- it accounted for just 5% of all operating systems running machines that connected to the Internet last month -- is probably enough protection from cyber criminals for the moment.

Samosseiko's paper on Partnerka can be downloaded from Sophos' site (download PDF).