The first, Tored-Fam, is a worm that spreads via email attachments and is simply a variant on the well-known Tored family of malware that has been in circulation since last year. The worm collects email addresses and attempts to forward itself on.
Sophos suggests it is being used to build a Mac botnet dubbed Raedbot. The botnet is being assembled by a malware writer known as Ag_Raed, who is based in Tunisia.
The second piece of malware is a Trojan called Jahlav-C, which is apparently embedded in an online pornography site. It masquerades as an ActiveX video codec that needs to be downloaded in order to run the site’s content.
“I've got a theory that although many people are undoubtedly buying Apple computers because they're beautifully designed and well-marketed, there will also be some people who have dumped Windows because they are fed up with all of the spyware, pop-ups and virus attacks,” said Graham Cluley, senior technology consultant for Sophos.
“Indeed, some of the people who may well have suffered a lot from those kind of attacks in the past may be exactly the same kind of folk who visit the grubbier areas of the internet in the wee small hours of the morning. And they may feel that one of the side benefits of switching to a Mac is that they now don't have to worry about all of those nasty things while they're err.. watching nasty things.”