When Apple was just a niche maker of Mac computers and only truly popular among college students and graphic designers, hackers paid little attention to the company. Instead, they focused on Microsoft, which had more than a 90% share of the PC operating system market.

Those days are over. Recent iPad security scares are a sign that Apple’s devices are a growing target for hackers, spammers and malicious coders.

“Market share is a pretty good indicator of who hackers are going after,” said Kevin Haley, director at Symantec Security Response. “Hackers are motivated by money, so they want to get access to the most amount of people.”

Hacker group Goatse Security was able to obtain 114,000 iPad 3G users’ e-mail addresses and iPad SIM card ID numbers from AT&T’s website last week. The vulnerability was on AT&T’s site, but any hit against the iPad dings Apple as well. And in a blog post, Goatse Security said Monday that a “skilled attacker” could take advantage of a weakness in the iPad’s Safari Internet browser to launch a spam attack from a compromised iPad.

“This is a wake-up call for Apple, and it cannot afford to hit the snooze button,” said Hemanshu Nigam, founder of SSP Blue, a cybersecurity consulting firm. “The hacker community focuses on companies that are on the top of their games. Apple has gained enough market share that it has caught hackers’ attention.”

It’s not surprising that Apple is becoming a growing target — it’s simply a matter of scale. Cybercriminals try to hack the software that most people use to access the Internet, and increasingly, that software is made by Apple. While Apple’s PC market share is still in the single digits, Apple is now the second largest smart phone maker in the United States, behind only BlackBerry maker Research in Motion. It has also sold more than 2 million iPads in just two months.

“Any company’s device or platform on which lots and lots of people are exchanging or storing data is going to be susceptible to an attack,” said Fred Rica, principal security analyst at PricewaterhouseCoopers. “Hackers are beginning to change over to other platforms that hadn’t been traditional targets, particularly to mobile.”

As Apple products become higher-profile targets, its response is going to be tested. The company’s stance on security has long been “don’t worry about it.” For instance, on its website Apple says simply, “Mac OS X doesn’t get PC viruses.” The iPhone and iPad websites don’t even mention security.

Apple claims that the Unix framework that its Mac operating system is built on is inherently safer than Windows. The truth is that Mac OS has as many vulnerabilities as Windows, according to Nigam — Apple patches its products just often as Microsoft does.

In the past, Apple has responded quietly when vulnerabilities are exposed, patching products through automatic updates with no announcement. The company’s famous “Get a Mac” ads say Microsoft’s constant security updates and alerts interfere with users’ ability to do work on their computers. Ironically, Apple’s Safari browser’s lack of security alerts is one of the factors contributing to the security hole in the iPad, according to Goatse Security.

“Suggesting Apple doesn’t get viruses gives its users a completely false sense of security,” Nigam said. “It’s essentially taunting hackers. They’ll take it as a challenge, and just start exploiting Apple’s user base.” As a result, Nigam suggested it’s time for Apple to change it’s attitude. Right now, Apple prioritizes the user experience ahead of security. That can backfire. ”Apple has the capability to take charge of this situation now,” he said. “If it doesn’t, it’s risking damage to its reputation for the long haul, a la Microsoft.”

For the first time criminal hackers may have succeeded in creating a network of “zombie” cellphones, infected with software that can be used to send spam or attack websites without the owners’ knowledge.

Botnets, as such networks are known, are usually made up of infected personal computers and are used to make money from spam or extortion. Millions of machines worldwide are secretly running botnet software and it has been estimated that one in four US personal computers is part of a botnet.

No botnet has ever been discovered running on mobile devices – until now, that is. Security firm Symantec, headquartered in Cupertino, California, says that a piece of software known as Sexy Space may be the first case.

Sexy Space uses text messages reading “A very sexy girl, Try it now!” to jump between phones. The messages contains a link that, when clicked, asks the user to download software which, once installed, sends the same message to contacts stored in the phone.

Similar SMS viruses have been seen before. But Sexy Space is unusual in that it also communicates with a central server and can thus be controlled by the hackers who created it – the feature that gives conventional botnets their power. If the network of infected phones is seen to be responding to remote commands, it can be described as a true botnet.

Zulfikar Ramzan, Symantec’s technical director of security response, notes that it is not yet clear how Sexy Space will use the connection to the central server. “But this has all the makings of a mobile botnet,” he says. As PC botnets go it’s unsophisticated,” adds Ben Feinstein of SecureWorks, a computer security firm based in Atlanta, Georgia. “But it’s a new development in the world of mobile malware.”

Mobile botnets would pose entirely new security threats, says Feinstein. For example, researchers have shown that one could disable parts of the mobile phone network by flooding it with text messages. Infected devices could also be used to infiltrate computer networks. In a demonstration last year, a team from Errata Security, also in Atlanta, used an iPhone sent to a company to spy on its IT infrastructure.

While sat in the firm’s mailroom the phone sent back information about the local wireless systems and computers. A criminal hacker could use the same technique to break into a company’s internal computer network, Errata’s researchers claim.

In comparison to the viruses we see today, as well as the possible threat involved, Melissa was not much more than child’s play or a proof of concept – albeit a very potent one. Launched in March of 1999 by 31-year old David Smith, Melissa shut down entire Internet mail systems by clogging corporate email networks with a massive email volume. Carrying the subject line “Here is that document you asked for … don’t show anyone else;-)”, it spread via Microsoft Word 97 and 2000, Excel 97, 2000 and 2003 and mass-mailed itself to the first 50 contacts in Outlook 97 and 98.

It mailed an infected file, LIST.doc, which contained passwords that allowed access to 80 pornographic websites. There were at least four variants of Melissa, some of which caused much more damage and deleted critical Windows system files.  David Smith from Aberdeen Township in New Jersey created the original Melissa virus and was sentenced to 20 months in prison back in 2002. A judge in New Jersey also fined Smith $5000 and ordered him to stay clear of computer networks or the internet unless authorized by the court.  

Today, Melissa is widely believed to have been the first notable email virus and is, according to MessageLabs, “credited with laying the foundations for the devastating use of botnets that has since allowed cyber criminals to spread malware so rapidly and economically.” The company said it has detected 108 different strains and more than 100,000 copies of the virus to date. MessageLabs said that Melissa remains a constant sight in the malware landscape and about 10 copies are still found every month.

“Melissa was the virus equivalent of the supermodels from the 90’s, known by one name and iconic within the industry,” said Alex Shipp, senior director at MessageLabs services. “This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore.”

The first virus overall is believed to have been the Creeper virus, which has been distributed in the early 1970s. Other notable viruses of the past two decades include “Michelangelo,” which wiped information from millions of computers in 1992; Concept, the first Macro virus, in 1995; CIH (1998), which infected the BIOS of a computer and essentially rendered those computers useless and the ILOVEYOU virus (2000), which is believed to have been the malware causing the most damage so far (an estimated $10 billion). If you would like to read up some more on notable viruses in the past years, check them out HERE!