So much for a slow, lazy Friday.
Two security companies have reported finding Mac malware samples making the rounds with some nasty payloads.
First, there's the report from SecureMac about a malicious piece of AppleScript that some hackers are toying with and possibly planning to spread. Known as AppleScriptTHT, or astht, it allows the attacker to essentially have remote control of your Mac, accessing the iSight camera, toggling network preferences and even retrieving user info.
The second trojan, reported by Intego, has similar behavior, logging account info and uploading it to a remote server along with the user's IP address for future use. This one, however, appears to be already making the rounds, disguised as a 180KB application called "PokerGame."
Perhaps even more worrying than the trojans themselves, however, has been the response from Mac users so far. A great many have taken to forums and blogs with a "so what?" approach, dismissing the threats because they require the user to manually launch the application.
This is why security experts still say Mac users are clueless about security, and this is why many still see OS X as fertile ground for malware.
No, these files don't hide within a webpage and covertly install themselves deep into your machine by way of a browser flaw. Then again, neither does the Storm worm, which has managed to build a botnet of more than 2 million machines simply by posing as greeting cards and movie files. Social engineering works, and it works very well.
You may know better than to launch a strange AppleScript file or a suspicious "poker game" app, but what about your mother, spouse, kids, co-workers and peers? There are plenty of people in front of Macs right now who would fall for this.
Both Intego and SecureMac are recommending their products as a way to protect against the trojan. I wouldn't go that far. Common sense will keep most everyone safe; a memo to the co-workers or a quick talk to the family on safe surfing should do it.
But to dismiss the threat and take a "nothing to see here" approach is an invitation to infection, and a great way to invite even more malware to the Mac world.
21 Jun 2008