New Mac malware
So much for a slow, lazy Friday.
Two security companies have reported finding Mac malware samples making the rounds with some nasty payloads.
First, there's the report from SecureMac about a malicious piece of AppleScript that some hackers are toying with and possibly planning to spread. Known as AppleScriptTHT, or astht, it allows the attacker to essentially have remote control of your Mac, accessing the iSight camera, toggling network preferences and even retrieving user info.
The second trojan, reported by Intego, has similar behavior, logging account info and uploading it to a remote server along with the user's IP address for future use. This one, however, appears to be already making the rounds, disguised as a 180KB application called "PokerGame."
Perhaps even more worrying than the trojans themselves, however, has been the response from Mac users so far. A great many have taken to forums and blogs with a "so what?" approach, dismissing the threats because they require the user to manually launch the application.
This is why security experts still say Mac users are clueless about security, and this is why many still see OS X as fertile ground for malware.
No, these files don't hide within a webpage and covertly install themselves deep into your machine by way of a browser flaw. Then again, neither does the Storm worm, which has managed to build a botnet of more than 2 million machines simply by posing as greeting cards and movie files. Social engineering works, and it works very well.
You may know better than to launch a strange AppleScript file or a suspicious "poker game" app, but what about your mother, spouse, kids, co-workers and peers? There are plenty of people in front of Macs right now who would fall for this.
Both Intego and SecureMac are recommending their products as a way to protect against the trojan. I wouldn't go that far. Common sense will keep most everyone safe; a memo to the co-workers or a quick talk to the family on safe surfing should do it.
But to dismiss the threat and take a "nothing to see here" approach is an invitation to infection, and a great way to invite even more malware to the Mac world.




"Then again, neither does the Storm worm, which has managed to build a botnet of more than 2 million machines"
Yes, and every single one of those machines is running Windows.
Posted by Bob | June 21, 2008 10:16 PM
@Bob
The fact that there are almost as many machines infected with that worm as there are Macs in the world is the reason they attack Windows, not Mac. For now, anyway; as Windows becomes more secure and Macs become more popular (still not figured that one out yet), the lack of security on the Mac (not necessarily OS security but complacency of the users) will show.
Posted by paul | June 30, 2008 3:35 PM