ManagerJosh
02-21-2006, 08:31 AM
FEBRUARY 21, 2006
News Analysis
By Arik Hesseldahl
Macs, Safe No More?
Recent malware outbreaks suggest that Apple's computers are now targets of viruses and trojans. Here's the lowdown
For years, owners of Macintosh computers from Apple Computer (AAPL) have lived in a computing version of the Garden of Eden, free from the worries over viruses, trojan-horse intrusions, and other digital nastiness that crops up every day for users of Microsoft (MSFT) Windows.
Could it be that those days are coming to an end? Two malicious bits of software showed up on Macs in as many days in mid-February. And while neither appears to be all that harmful when compared with the worst threats to hit Windows, they may indicate more worrisome days are in store -- just as the Mac, newly powered by Intel (INTC) chips, gains added popularity and attention.
Here's a rundown of what's known about these threats.
Exactly what form is the malware taking?
One, called Leap-A, is a trojan disguised as a jpeg image of a coming version of the Mac OS. Once it's inadvertently downloaded and installed, it replicates in wormlike fashion by sending copies of itself to people on a user's iChat buddy list.
iChat is an instant-messaging program for Apple users that connects primarily to America Online's (TWX) AOL Instant Messenger Network. It also goes by the name Oompa-A, or Oompa Loompa Trojan. The files check for the presence of an attribute called "oompa," a reference to the diminutive chocolate-factory employees of Charlie and the Chocolate Factory fame.
How serious of a threat is it?
Not terribly. Beyond replicating itself, it's not considered harmful, says David Cole, director of Symantec's (SYMC) Security Response. "This is a very garden-variety kind of threat," he says. "Had this appeared on the Windows platform, we wouldn't even be talking about it." It's also not thought to carry any threat to Windows users who may appear in the buddy lists of Mac users.
How widespread is it?
Symantec (SYMC) says the program has spread to only a "handful" of users, perhaps numbering in the hundreds.
What can I do to protect myself against it?
Here's what Apple says: "Only download and install applications from trusted sources, such as well-known application publishers, authorized resellers, or other well-known distributors. It is also advisable to use antivirus software to scan any files before installation."
And the other?
The second is a worm known as OSX.Inqtana.A. Once introduced to a targeted Mac, probably via a user's download, it tries to replicate itself via the computer's Bluetooth wireless data connection. Most recent Macs have Bluetooth wireless technology built in for working with Bluetooth-friendly headsets, printers, and other devices.
Is it a big concern?
This worm's ability to spread has been hobbled by several factors. First, in order to spread to a second computer, it has to come within close physical proximity of the first computer's Bluetooth transmitter, which is generally limited to about the size of a large room. Moreover, this worm takes advantage of a security vulnerability in Bluetooth wireless technology that has been documented for more than eight months.
What can be done to stop it?
An Apple spokesman says the vulnerability was addressed in a software security update issued in June, 2005. Any Mac users who have used Apple's "software update" feature on OS X since then have nothing to worry about. "It's unlikely that most users would even get this," Symantec's Cole says. "And it doesn't appear to be carrying a payload that does any damage."
Are the two related?
Probably not. They seem to have been developed at roughly the same time, independently.
But ultimately, what does this mean for Mac users? Are the days of not worrying about security threats like malicious software over?
If nothing else, these two programs show that there are some new efforts underway by those who like to create malicious software to establish new inroads on the Mac. These efforts have so far shown little success, and in truth, created very little trouble for Mac users.
And generally speaking, Macs have historically suffered less from viruses, trojans, and other security threats over the decades. Still, the Garden of Eden didn't last forever.