The most recent big one was the Mac Defender. http://en.wikipedia.org/wiki/Mac_Defender
Apple's initial response was 'head in the ground'. Due to outrage they did eventually provide a fix.

QUOTE
According to Sophos, by May 24, there had been sixty thousand calls to AppleCare <http://en.wikipedia.org/wiki/AppleCare> technical support about Mac Defender-related issues,[16] <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-wisniewski-apple-support-15> and Ed Bott of ZDNet <http://en.wikipedia.org/wiki/ZDNet> reports that the number of calls to AppleCare increased in volume due to Mac Defender, and that a majority of the calls now pertain to Mac Defender.[17] <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-bott-16> AppleCare employees have been told not to assist callers in removing the software.[18] <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-cluley-malware-17> Specifically, support employees have been told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to direct callers to any discussions pertaining to the problems caused by Mac Defender.[16] <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-wisniewski-apple-support-15> An anonymous AppleCare support employee said that Apple instituted the policy in order to prevent users from relying on technical support instead of anti-virus programs.[18] <http://en.wikipedia.org/wiki/Mac_Defender#cite_note-cluley-malware-17>
/QUOTE

While I don't see it in the Wikipedia article, I believe that Russian law enforcement raided a company where they provided services using this and a variety of other programs to exploit systems and information stolen from them.

While in this case and its variants these are primarily trojan based, with no enterprise monitoring or reporting capabilities you have no way of knowing if this is in your environment or not.

On Thu, Oct 13, 2011 at 3:01 PM, David Lum <[email protected]> wrote:

> Well, we’re getting a Mac invasion here and there is zero apparent concern for managing these things or worrying about vulnerabilities. To get to AD resources they’re standing up Win7 VMs but doing as much work as possible on the native MacOS.
>
> They can get to the Internet, file shares, printers, e-mail, etc. on native Mac but I just have alarms going off in my head “unmanaged machines with no idea what intellectual property is on them”.
>
> Dave
>
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, October 13, 2011 2:49 PM
> To: NT System Admin Issues
> Subject: Re: Macs and vunerabilities
>
> I remember the big "mac virus" recently was socially engineered - but that's definitely the mac's biggest vulnerability. Given that mac users generally believe they are invulnerable, it's an arguably bigger vector than the same one on a Windows system.
>
> Sent from my POS BlackBerry wireless device, which may wipe itself at any moment
> ------------------------------
> From: David Lum <[email protected]>
> Date: Thu, 13 Oct 2011 21:45:39 +0000
> To: NT System Admin Issues <[email protected]>
> ReplyTo: "NT System Admin Issues" <[email protected]>
> Subject: Macs and vunerabilities
>
> Does anyone have a link to an article or two that shows vulnerabilities that have actually been exploited? Preferably not a random blog post…
>
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Cell (voice/text) 503.267.9764
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
