When you say “computer security,” most people think viruses, worms, and other forms of malware. They also think that Mac users don’t really have to worry about it. And they’re correct. But that may be changing. Not only is the Mac becoming more popular, and therefore more worthy of criminal attention, there are many other ways Mac users can be targeted that are not platform-dependent. It’s time to reassess the threats and decide whether Apple’s built-in security measures are sufficient to keep Mac users safe.
1982 – Elk Cloner
In 1982, the Elk Cloner virus spread among Apple IIs by copying itself to floppy disks’ boot sectors. Elk Cloner didn’t do any actual damage, although on the 50th time an infected machine was booted, a poem would appear on its screen.
February 2006 – Leap-A
Twenty-four years after Elk Cloner, Leap-A (also known as Oompa Loompa) emerged. Disguised as an image file, Leap-A modified files on an infected Mac and, when iChat was opened, would send infected files to the victim’s iChat buddies. Leap-A managed to infect a grand total of 49 Macs.
October 2007 – RSPlug.a
This was a malicious Trojan horse found on several pornography websites, claiming to install a video codec necessary to view free pornographic videos on Macs. After the page loaded, a disk image (.dmg) file would automatically download to the user’s Mac. If the user then proceeded with installation, the Trojan horse was installed. Once active, it hijacked some web requests, leading users to phishing websites, and stole passwords and credit card details. Apple added a signature for this when it launched Snow Leopard.
January 2009 – OSX.Trojan.iServices.A
This Trojan horse was found in pirated copies of Apple’s iWork ’09 and Adobe’s Photoshop, and was downloaded more than 20,000 times, according to Intego. When installing an infected pirated copy of iWork ’09, an extra iWorkServices package would be installed. This package was installed as a system-wide startup item, with read-write permissions as root (so it could do anything to any part of the system, with full authorisation). The malicious software would connect to remote servers over the internet, and a malicious user would be able to access the infected Mac and perform various actions. This was not a virus – it couldn’t spread from one Mac to another on its own. Apple added a signature for iServices when it launched Snow Leopard.
April 2010 – HellRTS
Hackers disguised this threat (also known as OSX/Pinhead-B) as iPhoto, the photo management software that ships with new Macs. The threat, rated as low by Intego, opens a backdoor that could allow remote users to take control of infected Macs and perform actions on them. Intego identified this backdoor as OSX/HellRTS.D, a variant of an early Mac OS X malware first spotted in 2004. HellRTS, which was built in RealBasic and was a Universal Binary, was able to run on both PowerPC- and Intel-based Macs and to perform a number of operations if installed on a Mac. It could set up its own server and configure a server port and password. In June 2010 Apple added a signature for this piece of malware to Snow Leopard.
June 2010 – OSX/OpinionSpy
This spyware application could be installed by a number of freely distributed Mac applications and screen savers found online. OSX/OpinionSpy reportedly performed a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs. While distribution was limited, Intego warned Mac users to pay careful attention to which software they downloaded and installed.
October 2010 – Koobface
Koobface targets users of social networking websites including Facebook (its name is an anagram of ‘Facebook’). A Mac version of the Koobface worm appeared in October 2010, disguised as links to videos. Users are taken to malicious websites to view the videos. These sites then attempt to load a Java applet. However, users are alerted to this via the standard Mac OS X Java security alert. Intego claims the problem is not a “critical” risk. Intego said: “First of all, OSX/Koobface.A is not very widespread. While there is evidence that a handful of Mac users have been infected, there is no evidence to suggest that there is any large number of infections. Second, the malware is flawed and does not work correctly in all situations.”
October 2010 – Boonana
Like Koobface, the Boonana Trojan horse, dubbed trojan.osx.boonana.a, also sped through popular social networking sites including Facebook, disguised as a video, although, according to some experts, it is not the same malware as Koobface. When run, the installer modifies system files to bypass the need for passwords. The main significance of Boonana could be that its Java design makes it platform independent, allowing it to attack both Windows PCs and Apple Mac computers.