“Mac OS X Machines Roped Into Jnanabot Network” by Gareth Halfacree revisits the Symantec analysis of the Jnanabot (Boonana) botnet and the conclusion that 16% of infected machines are Macs, as already covered in David Harley’s earlier blog.
The Bit-Tech article has attracted a number of comments arguing about what that figure actually means, but I think it’s pretty clear from Harshit Nayyar’s blog. (An excellent summary, by the way.)
The flaws in the P2P protocol used by the botnet for intercommunication have allowed Symantec to determine the proportion of users of various operating systems and OS versions at the time of their “snapshot” analysis in early December. What that gives them, it seems to me, is a (presumably) accurate figure for the number of infected Macs in the botnet (and for other systems, of course). This is fairly unusual, in that it’s vendor-agnostic telemetry, whereas AV vendor statistics are commonly based on reporting systems that are dependent on the presence or proximity of antivirus software, usually a specific brand.
What it doesn’t tell you is anything about the quantity of OS X systems infected with malware other than Boonana. It merely suggests quite strongly that Boonana has been rather successful at recruiting Macs, though nowhere near as successful as it has been at recruiting PCs running Windows XP, of course.
While the relation of this figure to Apple’s overall market share (around 5%-7% depending on source) has caused some confusion, the proportion of infected Macs is higher than you’d expect from that share (at least double). I don’t know if that’s because the social engineering hooks used by Boonana are more effective than usual, or because cross-platform applications are more likely to be trusted by unwary Mac users, or something else entirely. But lack of caution is clearly an element here.
Old Mac Bloggit