
New Malware Attacks Both PCs and Macs

Malware-makers have a powerful new tool: a spam bot that infects both PC and Mac platforms -- with support for Linux and iPad operating systems in the works.

The virus and malware underworld is always adapting. Last month, for example, would-be malware-makers got a powerful new tool: a spam bot that infects both PC and Mac platforms -- with support for Linux and iPad operating systems said to be in the works.

Security watchers say malware-makers are once again doing a booming trade in spam-based maliciousness.

For the month of May, malware-makers achieved a dramatic spike in malicious traffic, generating almost 10 million pieces of malware a day, according to security specialist AppRiver. Overall spam traffic crested at 120 million pieces a day, with approximately 2.95 billion spam messages recorded last month.

That’s almost a 20 percent increase over April’s tally.

One big reason for malware’s comeback was the resurgence of the ZeuS botnet, which last month generated messages masquerading as “Security Bulletin” notifications from Microsoft Corp. The bogus messages were even timed to coincide with Microsoft’s predictable Patch Tuesday, according to AppRiver.

“Ironically, the [e-mail] states that the update will prevent malicious users from gaining access to your computer files, when in reality it would do just the opposite,” wrote researchers in AppRiver’s June, 2011 Threat and Spamscape Report. This wasn’t the first time crackers had attempted to exploit Microsoft’s security patching process. It almost certainly won’t be the last, either.

“This social engineering ploy has been used in the past but will almost assuredly fool some portion of the message recipients,” researchers said, noting that ostensibly legitimate traffic such as the ZeuS-generated “Security Bulletins” -- which appear to originate from a trusted source, and which are Too Important to Ignore -- is nonetheless easy to detect.

“[I]t is never a good idea to open attachments in a message from an unknown sender, but what about in this case when the sender appears to be a trusted source? Consider the fact that sending an unsolicited attachment in an [e-mail] is not how companies go about disseminating updates. If you get a message like this and think that it may be real, go directly to the company’s [Web site] to look for an update.”

Upping the Malware Ante

Spammers and malware-makers aren’t putting all of their eggs in one basket. Even though ZeuS is alive and well, another would-be bot-player -- dubbed Weyland-Yutani -- was launched last month.

Unlike ZeuS, the new arrival targets both PC and Mac platforms. “Weyland is an equal opportunity bot that has built-in capabilities to infect both PC and Mac based platforms with more in the works,” researchers cautioned.

Combined with last month’s nefarious Mac Defender Trojan, Weyland-Yutani is another indication that the Mac is increasingly seen as an “equal-opportunity” target, AppRiver suggested.

Weyland’s authors don’t plan to stop with PCs or Macs; support for Linux and iPad customizations is also on the road map. “Weyland-Yu has a very interesting feature built in, and that is the ability to automatically create scripts designed to infect both PC and Mac machines. Mac malware has been around for a while, though it has [not] yet until now been available as a kit,” researchers explained.

Kits make it easier for even “minimally technical” malware-makers to create custom malware, AppRiver observed. “The kit is selling for 1000 credits [in] WebMoney[,] which exchanges to about $1,065 US, and the authors have guaranteed the addition of iPad and Linux scripts in the very near future,” said researchers. “Imagine when a user can browse past an infected site and become a victim regardless of their operating system.”

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
