Free anti-virus for Mac – 150,000 active users and plenty of malware found

We currently have a stonking 150,000 active users of our free Mac anti-virus product, downloading updates from our servers.

Sophos Anti-Virus for Mac Home Edition was launched on November 2nd, and proved instantly popular. At its peak we were seeing one download almost every second (to be precise, 3032 an hour at the craziest point!). It’s also made the list of top products downloaded on the Apple site, and is listed as the most popular download in their Networking & Security section.

We’ve also been trying to determine which malware these Mac users encounter most often:

Top malware reported by Mac users

The above top 20 chart shows the percentage of malware reports by users of our Mac product. [Update: Some folks have asked how many malware reports this chart is based upon. We counted just under 50,000 malware reports from the Mac users during the time period.]

There are some interesting entries in there.

Firstly, we should deal with the one that’s top of the list. As The Register describes, Mal/ASDFDldr-A is how Sophos detects malicious files that use the scripting capability of Microsoft Media Player to force your web browser to visit an infected site instead of playing the video you were hoping for.

Normally the infected media files are blank (no music, no video) but they are distributed posing as music from Lady Gaga, ABBA, Madonna, etc. They are several megabytes in size due to null padding. So there’s definitely nothing to lose and everything to gain by erasing them.
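As an added illustration (not Sophos's detection logic and not part of the original post), the following triage heuristic flags files that are several megabytes in size but consist almost entirely of null padding, as described above. The thresholds, function names and sample files are assumptions constructed for the example.

```python
import os
import re
import tempfile

ZERO_RUN = re.compile(rb"\x00+")

def null_padding_stats(path, chunk_size=1 << 16):
    """Return (size, zero_bytes, longest_zero_run) for a file, read in chunks."""
    size = zeros = longest = carry = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            zeros += chunk.count(0)
            tail = 0
            for m in ZERO_RUN.finditer(chunk):
                run = m.end() - m.start()
                if m.start() == 0:
                    run += carry          # run continues from the previous chunk
                longest = max(longest, run)
                if m.end() == len(chunk):
                    tail = run            # run may continue into the next chunk
            carry = tail
    return size, zeros, longest

def looks_null_padded(path, min_size=1 << 20, min_zero_ratio=0.9):
    """Heuristic (thresholds are assumptions): a large file that is almost all zeros."""
    size, zeros, longest = null_padding_stats(path)
    if size < max(min_size, 1):
        return False                      # too small to match the description
    return zeros / size >= min_zero_ratio and longest >= min_size // 2

def demo():
    """Build two constructed sample files and classify them."""
    samples = {
        # constructed: tiny placeholder header followed by 3 MiB of null padding
        "padded_fake_song.bin": b"CONSTRUCTED-HEADER" + b"\x00" * (3 << 20),
        # constructed: about 3 MiB of non-zero bytes standing in for real audio data
        "dense_media.bin": bytes(range(1, 256)) * ((3 << 20) // 255),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = (looks_null_padded(path), null_padding_stats(path))
    return results

if __name__ == "__main__":
    for name, (flag, stats) in demo().items():
        print(name, "suspicious" if flag else "ok", stats)
```

A hit from this check is only a reason to look closer or scan the file with an anti-virus product; legitimate sparse or preallocated files can also be mostly zeros.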

You’ll also notice a lot of Java-based attacks in the list. These are obviously cross-platform and may have been found in internet caches by users who were hit by a drive-by attack. Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too.

You’ll also see some Mac OS X-specific malware in there (OSX/Jahlav and DNS Changer). These are well known Mac Trojans that are typically disguised by hackers on BitTorrent sites, or planted on websites as alluring downloads or plugins to view videos.

Sophos Anti-Virus for Mac detecting OSX/Jahlav-C

It’s also interesting to see the infamous Conficker worm edging its way into the top 20 chart in 19th place.

Conficker, of course, cannot infect Macs but it does spread via USB drives – so I imagine that Mac users are encountering this when Windows users share an infected thumb drive with them. That’s a good opportunity for Mac users to feel good about themselves – even if they couldn’t have been infected by Conficker they can feel a bit smug that their Mac anti-virus was able to show up an insecure Windows user. :)

Aside from these stats, we’ve received a fair amount of anecdotal evidence that Mac users who have never scanned their drives before with an anti-virus are finding suspicious files.

For instance, here’s a message from Graham Lee who was at a Mac User Group meeting, and tweeted the following last night:

(Full disclosure: Graham Lee used to work at Sophos)

We don’t see as much Mac malware as Windows malware. Not by a long shot. But that doesn’t mean that Mac users can afford to have their heads in the sand about protecting their precious computers.

And, unfortunately, so long as Mac users don’t properly defend themselves they will increasingly be perceived as a soft target by cybercriminals.

If you still need some convincing, check out some of the videos of Mac malware caught in action that we’ve posted in the past.

Our free Mac anti-virus product for home users is available for download from