Macs and Linux come under attack as the threat landscape shifts
The latest monthly report from internet security specialist Doctor Web shows that whilst Windows and Android users have no cause for complacency, November saw substantial numbers of malicious programs aimed at Mac OS X and Linux platforms.
Trojans remain the most popular form of attack making up 8.7 percent of all malware detected. Trojan.InstallCore.12, which installs different adware, toolbars and browser extensions, ranks first. BackDoor.Andromeda.404, which downloads other malicious programs into an infected system when commanded to do so by intruders, ranks second.
In November BackDoor.Andromeda.404 was distributed in large quantities by email thanks to a mass spam campaign. It accounted for 2.4 percent of the malware detected by Doctor Web. The malware top 10 includes a number of other programs that seek to steal confidential information.
Several new examples of OS X malware have been added to Doctor Web's database. These include Mac.BackDoor.Ventir.2 a backdoor that can execute commands from a remote server, log key strokes and relay information to criminals. Particularly sneaky is Mac.BackDoor.WireLurker.1 which waits for the moment when an iOS device is connected to an infected Mac and then uploads its files onto the device. It even comes in two versions, one intended for jailbroken devices, while the other is for unaltered iOS devices. It takes advantage of the "enterprise provisioning" feature that enables companies to bypass the AppStore and install applications onto its employees’ devices.
Linux systems have been targeted by Linux.BackDoor.Fgt.1 which scans random IP addresses on the internet and launches a brute force attack in an attempt to establish a Telnet connection with their nodes. If successful, it commands the attacked host to download a special script. The malware’s command and control server stores versions for various Linux distros and versions allowing it to infect not only internet-connected servers and PCs running Linux, but also other devices, such as routers.
Android doesn't escape the onslaught, with a large number of malicious programs being detected. Many of these are banking trojans aimed at stealing money from accounts accessed on compromised devices. For example Android.BankBot.33.origin is aimed at Russian internet banking users. It employs SMS commands to covertly transfer money to the intruders' account and hide SMS replies from the bank, so that the user won't notice unauthorised transactions. In addition it can load a bogus web page in the browser to lure users into submitting their online credentials.
For more information about the latest virus activity and a free online scanner for malicious files and links you can visit the Doctor Web site.
Photo Credit: Jirsak/Shutterstock