Is my Mac still safe? 1
Last night I got an email from an acquaintance saying Mac owners should no longer feel safe. It’s not a virus, but a different kind of malicious software called a trojan. Unlike a virus, is doesn’t self-replicate, but relies on a user to do something stupid, like click on something they shouldn’t on the internet. As I understand it, this then allows the bad guys to access your computer.
The sender of the email was an Israeli security expert called Gadi Evron (who I once interviewed at a Hacker’s convention in Berlin for Danish radio).
Here’s what he said:
For whoever didn’t hear, there is a Macintosh trojan in-the-wild being dropped, infecting mac users. Yes, it is being done by a regular online gang–itw–it is not yet another proof of concept. The same gang infects Windows machines as well, just that now they also target macs.
This means one thing: Apple’s day has finally come and Apple users are going to get hit hard. All those unpatched vulnerabilities from years past are going to bite them in the behind.
Gadi links to a post by Alex Eckelberry on Sunbelt Blog who seems somewhat satisfied that Mac users are now getting a taste of what it’s like for PC users to be under attack. Schadenfreude? Yeah, I think so. But Eckelberry provides a helpful description and a screenshot of the trojan. He says this is something really common on porn videos, and that people get reeled in when something comes up telling them a “reputable video” will only play if a piece of software is downloaded.
Like so:
Quicktime Player is unable to play movie file.
Please click here to download new version of codec.
I’m sure Slashdot must be bustling with comments on this, but before I could even look it up, I got an email from my cousin Christian, quoting Bojan Zdrnja at the SANS Internet Storm Center:
As I said, although the Trojan is really simple, it could have done much worst things (once the installer script has root privileges, it is game over anyway). This malware shows that we must not ignore Mac machines and that Mac users should not think they are invulnerable just by using a Mac and that they can click on absolutely everything.
Be careful out there.
This isn’t a Mac vulnerability, it’s a social-engineering trick, no different than calling someone and pretending to be from the IT department in order to convince them to give you their password.