Sophos is warning Mac users about a malware – refered to as both a virus and a worm by the company – that can disable Mac OS X's built in firewall, steal personal information, and destroy data.
Sophos’ head of technology Paul Ducklin told Silicon.com: "The Renepo [also refered to as Opener] virus, is designed to infect any Mac OS X drives connected to the infected system and it leaves affected computers vulnerable to further hacker attack.
"It disables Mac OS X's built in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive and downloads a password cracker called JohnTheRipper.
"Opener tries to spread by copying itself to any drive that is mounted to the infected computer. This could be a local drive, part of a local network or a remote computer."
Ducklin warns: "It could be the start of a spate of viruses that uses Mac OS X’s scripting features against its users."
Senior technology consultant for Sophos Graham Cluley warns on Sophos's Web site: "You do not want the Renepo worm anywhere near your Mac OS X network. Renepo makes so many security-related changes to your systems that all bets are off once you have been compromised. Because the worm attempts to harvest user, configuration and password data for a wide range of applications, it represents a huge security headache for all administrators, creating a backdoor to leave infected computers vulnerable to further attack."
Sophos notes that the Renepo virus has not been seen in the wild to date, but can be considered a warning to Macintosh users not to be complacent about the malware threat.
Symantec claims users of Norton AntiVirus for Mac OS X are protected as long as they have updated their signatures since the relevant upgrades were made available on Friday. Sophos Anti-Virus for Mac OS X has also been fully updated to protect against the threat.