According to a recent survey by security software vendor Sophos, 20 percent of Macs carry Windows malware and 2.7 percent carry Mac malware. Bottom line, one in five Macs is infected.

In a post on the company's NakedSecurity blog on April 24, Sophos senior technology consultant Graham Cluley warned that one in every five Macs is infected with malware, and the malware includes both Windows and Mac threats. Based on data received from about 100,000 snapshots of Mac systems that have installed the company's free Mac antivirus software, Sophos found a "disturbingly high level of malware on Mac computers - with both Windows and Mac threats being discovered," said Cluley.

Necessary Clarifications

Twenty percent of Macs, i.e. one in five, were infected with at least one instance of malware aimed at PCs running Windows, while 2.7 percent, i.e. about one in 36 Macs, were infected with the malware targeting Apple's Mac OS X. This means that Sophos' findings that one in five Macs is infected refers to systems carrying Windows malware. "Although Windows malware on Macs won't cause symptoms (unless users also run Windows on their computer), it can still be spread to others," explained Cluley.

The widespread infection of the Flashback exploit has greatly increased awareness of Macs' vulnerabilities to malware. The Flashback malware was first discovered last year as a Trojan Horse virus disguised as an update to Adobe Flash. It was detected again earlier this year operating as a drive-by exploit and infecting systems once users accessed malicious or compromised Web sites.

The Flashback malware exploited a Java vulnerability and infected more than 600,000 Macs, i.e. more than one percent of all Macs worldwide. Symantec and Kaspersky Lab reported last week that the number of infected Macs was declining, but Dr. Web and Intego contradicted those findings, saying that the number was still in the 650,000 range. The numbers continue to remain high, despite an April 3 patch for the Java flaw and the range of free tools that Apple and security vendors developed to detect and remove the malware from Macs.

New Version of Flashback Spotted in the Wild

Furthermore, Intego researchers reported they have discovered a new version of the Flashback malware, dubbed Flashback.S, in the wild. In addition, security experts warn that although Macs are considered less vulnerable to malware than Windows PCs, cyber-attackers will target them more as they grow in popularity.

"Sadly, cyber-criminals view Macs as a soft target, because their owners are less likely to be running antivirus software," warned Cluley. "Bad guys may also believe that Mac users are likely to have a higher level of disposable income than the typical Windows user. So, they might believe the potential for return is much higher. Some Apple fans might feel relieved that they are seven times more likely to have Windows malware on their Macs than Mac OX X-specific threats, but they shouldn't be."

Malware found on Macs

The Flashback exploit Sophos called "Fishplyr" was the most dominant of the OS X malware found on Macs, accounting for 75.1 percent of the Mac malware. The second most common malware, fake antivirus attacks, made up 17.8 percent of the Mac malware found on systems. According to Cluley, malware can reach Macs in a number of ways, from USB drives to email attachments, downloads from various Web sites and drive-by installations "where the user doesn't realize their Mac's security has been subverted."

Meanwhile, the top Windows malware found on Macs was Mal/Bredo, a family of malicious programs sent out via spam accounts, said Sophos. The Mal/Bredo malware made up 12.2 percent of Windows malware found on Macs.

Protection

Cluley further highlighted how important it is for Mac users to protect their computers, especially since there is free antivirus software available. Otherwise, the malware problem on Macs risks gaining the same proportions as the problem on PCs.

Cluley advised Mac users to run an up-to-date antivirus program and make sure they keep security patches up-do-date as well. Additional caution is recommended in installing programs, clicking on links and opening attachments. "If you keep clued-up about security threats, you are less likely to be tricked by a cyber-criminal into making a poor decision," said Cluley.

(reported by Alexandra Burlacu, edited by Dave Clark)