Please Alleviate My Malware Ignorance

I own Sophos Anti-Virus v 7.3.11C, updated as of May 7, 2012. Scans have never shown any "threats." However, I have some general questions about malware and anti-malware programs.

My computer is a PPC PowerMac 2.7 GHz dual-CPU G5 (early 2005). I am running Mac OS X Tiger, v 10.4.11 and Safari v 4.1.3. Sophos runs fine on this system, and I have no questions about it specifically.

Just exactly how vulnerable are my Mac, OS, and browser to the recent malware infecting Intel Macs? I have never had any type of virus, Trojan, backdoor, or other malware on my system in the last 7 years. I have read that Flashback attacks through Java, but since everything I have read on various blogs is oriented toward Intel Macs, I have no information on whether my system even can be affected. Back in 2005, Macs were pretty much malware-free. Are these new threats applicable to my computer, or not?

In fact, are the current forms of malware even capable of running on any PPC (IBM) CPU? IIRC, the instruction set for a PPC970 and any Intel chip are sufficiently different that a "universal" app is required to run on both. Are current malware programs in that format, or are they targeted specifically at the Windows and Mac Intel systems?

I would like a clear idea of my risk level, if one is available.

Thanks very much for reading this!

----    Bill 

  • Thank you for the excellent question!  This is something I have some level of answer for, and have been surprised that nobody has asked before, as it's really quite relevant.

    Here's a brief summary of the current threat landscape (for the week of May 17 2012) as detected by a sample of our OS X customers, and what platforms are affected by the threats.  Note that this information is relative, and is not meant to be comprehensive, but shows the general trends:

    Top 10 threats detected on OS X in the last 7 days, in order of prevalence:

    • Mal/BredoZp-B (16% of all threats) - Windows-only, arrives by email
    • Mal/Phish-A - social engineering, sometimes tricks people into giving away personal information, sometimes tricks people into downloading and running (predominantly Windows) malware; arrives by email
    • Mal/KeyGen-M - Windows-only, downloaded in torrents and from software cracking repositories
    • OSX/FkCodec-A - Intel 32-bit (currently), found on dodgy websites and via drive-by downloads from infected legitimate websites
    • Mal/BredoZp-D - Windows-only, arrives by email
    • Mal/ASFDldr-A - Windows-only payload, usually found in Windows Media movie torrents
    • Troj/Invo-Zip - Windows-only, arrives by email
    • Mal/KeyGen-R - Windows-only, downloaded in torrents and from software cracking repositories
    • Mal/Packer - Windows-only, associated with a lot of dodgy software downloaded from the Internet

    Top 15 OS X threats detected on OS X in the last 7 days, in order of prevalence:

    • OSX/FkCodec-A (41% of all OS X threats) - Intel 32-bit (currently), found on dodgy websites and via drive-by downloads from infected legitimate websites
    • OSX/FakeAV-DWN - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/Flshplyr-D - Intel 32 and 64 bit, installed via infected website via Java exploit
    • OSX/FakeAVZp-C - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAvDl-A - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAV-DPU - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAvDl-B - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/DnsCha-E - Shell script, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/Flshplyr-E - Intel 32 and 64 bit, installed via infected website via Java exploit
    • OSX/RSPlug-A - combination of shell script and browser plugin, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/Jahlav-C - Shell script, runs on OS X 10.4+, originally found in malicious OS X software torrents
    • OSX/LogKext-A - PPC 32 bit, Intel 32 and 64 bit, installs malicious kernel extensions, keylogger installed by hand or by malware
    • OSX/FakeAv-FFN - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAV-A - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
    • OSX/FakeAv-FNV - PPC 32 and 64 bit, Intel 32 and 64 bit, originally found via drive-by download from SEO poisoned search results
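The question underlying the thread is whether a binary built for Intel Macs can execute on a PowerPC G5 at all, and the reply above classifies each sample by the CPU slices its Mach-O file carries. As an added example that is not part of the original thread or of any Sophos tool, the following Python reads the Mach-O fat ("universal") header and thin-file magic to list those slices and decide whether a PowerPC Mac could run the file natively; the sample headers are constructed inline, and translation layers such as Rosetta (which only run PowerPC code on Intel, not the reverse) are deliberately ignored.

```python
import struct

# Mach-O magic numbers from <mach-o/fat.h> and <mach-o/loader.h>
FAT_MAGIC = 0xCAFEBABE                         # fat header fields are always big-endian
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE    # thin 32-bit, native / byte-swapped
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
ABI64 = 0x01000000                             # CPU_ARCH_ABI64 flag in cpu_type_t
CPU_NAMES = {7: "i386", 7 | ABI64: "x86_64", 18: "ppc", 18 | ABI64: "ppc64"}

def mach_o_arches(data: bytes) -> list:
    """Return the CPU slices a Mach-O file carries (fat or thin); only the
    headers are read, so a truncated download still classifies. Non-Mach-O
    input raises ValueError."""
    if len(data) < 8:
        raise ValueError("too short to be Mach-O")
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        if nfat == 0 or nfat > 64 or len(data) < 8 + 20 * nfat:
            raise ValueError("implausible or truncated fat header")
        # struct fat_arch = cputype, cpusubtype, offset, size, align (20 bytes each)
        return [CPU_NAMES.get(struct.unpack(">I", data[8 + 20*i:12 + 20*i])[0],
                              "unknown") for i in range(nfat)]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"          # native magic: file written big-endian (PowerPC)
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = "<"          # swapped magic: file is little-endian (Intel)
    else:
        raise ValueError("not a Mach-O file")
    return [CPU_NAMES.get(struct.unpack(endian + "I", data[4:8])[0], "unknown")]

def runs_on_powerpc(data: bytes) -> bool:
    """True if a PowerPC Mac could execute the file natively: Intel-only code
    cannot run on PowerPC, so only ppc/ppc64 slices count."""
    return any(a in ("ppc", "ppc64") for a in mach_o_arches(data))

def fat_header(cputypes):
    """Constructed fat header (no real code slices), for demonstration only."""
    hdr = struct.pack(">II", FAT_MAGIC, len(cputypes))
    for i, ct in enumerate(cputypes):
        hdr += struct.pack(">IIIII", ct, 3, 4096 * (i + 1), 1024, 12)
    return hdr

# Constructed samples: Intel-only fat, PPC+Intel universal, thin PowerPC, thin x86_64
INTEL_ONLY = fat_header([7, 7 | ABI64])
UNIVERSAL = fat_header([18, 18 | ABI64, 7])
PPC_THIN = struct.pack(">II", MH_MAGIC, 18) + bytes(20)
INTEL64_THIN = struct.pack("<II", MH_MAGIC_64, 7 | ABI64) + bytes(24)
```

Calling `runs_on_powerpc(open(path, "rb").read())` on a downloaded file shows at a glance whether it contains any PowerPC slice, which is the property the reply's "PPC 32 and 64 bit" versus "Intel 32-bit" labels describe.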