The Mal/ASFDldr-A malware uses the scripting capabilities of Microsoft Media Player to force the web browser to visit an infected site instead of playing the media file.
“Normally the infected media files are blank (no music, no video) but they are distributed posing as music from Lady Gaga, ABBA, Madonna, etc. They are several megabytes in size due to null padding. So there's definitely nothing to lose and everything to gain by erasing them”, wrote Graham Cluley on Sophos’s NakedSecurity blog.
The statistics on Mac malware come from Sophos Anti-Virus for Mac Home Edition, which the company launched on Nov. 2. The company collected 50 000 malware reports from Mac users during Nov. 2–16, 2010.
Sophos noted that a number of the malware threats are Windows-specific and do not attack the Mac OS X operating system directly, but can be transferred by Mac machines to other platforms. At the same time, there are trojans, such as OSX/Jahlav and OSX/DNS Changer, that specifically target Mac OS X. The trojans are disguised by hackers on BitTorrent sites or planted on websites as downloads or plug-ins to view video.
There are Java-based attacks in the list; these are cross-platform malware and may be found in internet caches by users who are the victims of “drive-by” attacks. “Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too”, Cluley wrote.
The Conficker worm also made the top 20 list, which he described as “interesting” because the worm cannot infect Macs, but it does spread via USB drives. “So I imagine that Mac users are encountering this when Windows users share an infected thumb drive with them.”
Cluley concluded: “We don't see as much Mac malware as Windows malware…that doesn't mean that Mac users can afford to have their heads in the sand about protecting their precious computers. And, unfortunately, so long as Mac users don't properly defend themselves they will increasingly be perceived as a soft target by cybercriminals.”