Apple Worm and More Mac Patches
The first piece of self-propagating malware targeting Apple's Mac OS X operating system has been spotted online and appears to be spreading disguised as a picture of the next version of the OS.
This is significant on many levels. I have been talking with security experts over the past few weeks about the research community's increased interest of late in Mac virus threats and exploits. The general theory among some of the folks I spoke with at recent hacker conferences was that 2006 was ripe to be the year of "Macsploitation" (my term).
This kind of talk has never sat well with the Mac user community, which tends to view these sorts of predictions as a type of jealous, wishful thinking from users of another operating system that is constantly under attack. (For an excellent illustration of this dynamic, check out the "Castle OS X Stormed" posts over at the A Day in the Life of an Information Security Investigator blog.)
Just yesterday in fact, I spoke with John Barnes, president of Washington Apple Pi, a local Mac user group with a long history, and he echoed those sentiments, noting that if Mac users are somewhat smug when it comes to security ... well, they have a right to be.
Slashdot has now picked up on this, linking to the original thread about this problem over at Mac Rumors. The anti-virus firm Sophos has classified this thing as a worm, calling it OSX/Leap-A. Sophos classifies it as an instant-messaging worm.
It's not clear to me at this point whether this is truly self-propagating, as I'm fairly sure OS X is set up so that infecting a machine and spreading malware would require some sort of user interaction or approval. Imagine that: the first Mac OS X malware worth noting and no one knows whether to call it a worm, a virus or a Trojan horse. At any rate, I'm sure we'll hear more about this soon (and see a slew of other names for this thing once the other anti-virus companies jump on the bandwagon).
In other Mac news, Apple has issued an update to fix several problems in OS X, but the company could be a little clearer about what exactly those problems might entail.
In a somewhat spare advisory issued Tuesday (a few hours after Microsoft released its bundle of patches) Apple advised OS X 10.4.4 users to upgrade to 10.4.5 to address a few "improvements" in the operating system. Among the improvements Apple cited were "time zone and daylight saving changes for 2006 and 2007"; a fix that addresses "a potential crash which may occur when processing large amounts of data in MySQL" databases; and an "issue with using and mounting Windows-formatted storage devices."
Apple provides no other information or acknowledgment on its Web site as to whether these are security problems or merely fixes to help ensure smooth functioning. Mac users who have subscribed to Apple's security mailing list received an e-mail detailing one security-related fix in 10.4.5 (although this is not a particularly serious risk). Why not include that information in the advisory on Apple's Web site?
If I'm a little sensitive to this, it's because I've spent the last several weeks poring over Apple's security advisories going back three years, and noticed a welcome trend from 2003 into 2004 (OS X 10.3.4 and prior versions) away from such vague disclosures where security fixes were routinely called "improvements" with little elaboration.
Update, 10:49 a.m. ET: This thread over at Ambrosia Software seems to have the most coherent and rational explanation of what's going on with this Mac OS X malware. From that post:
"You cannot be infected by this unless you do all of the following:
1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it
...and then for most users, you must also enter your Admin password.
You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it."
February 16, 2006; 10:05 AM ET