Print 21 comment(s) - last by wvh.. on May 9 at 8:06 AM

The recent worm/trojan attacking Apple's Macs is relatively harmless due to its inability to complete its email attack. However, its a sign that Apple users may have to stock up for some future de-worming.  (Source: PetCarePills)
Virus proves insignificant, but may be a sign of things to come

A trojan virus attacking Apple computers, transmitted via pirated iWork software, gained significant attention as it was one of the first viruses to strike the OS X platform.  OS X, the operating system of choice for Mac computers, has enjoyed relative safety from OS-tailored attacks thanks to its small market share, though it has become increasingly vulnerable to cross-platform application-level exploits.

The new virus, written in RealBasic, is an ambitious, but decidedly amateurish effort.  Comments in the code state that the virus's goal is to create the "First Mac OS X Botnet."  The virus also tries to steal email addresses, record keystrokes, and transmit itself via attach hard drives.

Some news outlets reported the virus, dubbed Tored, was a worm; others reported it was a trojan.  It turns out it's both -- or at least tries to be.  Both the email theft and replication to attached drives mimic viral worms like the Conficker worm.  However, the SMTP server that the virus tries to forward itself via is currently inactive.  Thus it is currently limited to trojan-style attacks, via the malware-bundled software.

A trojan typically refers to a virus that users unwittingly download and install.  A worm, on the other hand, can transmit itself over a network, via email or remote login.  Transmission via infected USB is a gray area -- some refer to such viruses as worms, others, trojans.

The virus is perhaps the first "e-mail aware" trojan to attack Macs.  While there have been several Apple-specific trojans over the last few years, this appears to be the first virus to try to behave as a worm as well.  This behavior represents a new kind of attack to the Mac platform, even if this particular attack was poorly executed.

States Graham Cluley, senior technology consultant at Sophos, "A lot of Mac fans think that for something to be a worm then it requires no user interaction to spread.  Although there are some Windows worms like that (for instance, Sasser and Code Red), many of the pieces of malware that we consider to be worms (for instance, The Love Bug, Anna Kournikova, etc.) did require user interaction and spread quite successfully."

Perhaps the most amusing aspect of the new virus was that its would-be emails featured this message, in hopes of targeting Macs -- "For Mac OS X ! :(If you are not on Mac please transfer this mail to a Mac and sorry for our fault :)"

Mr. Cluley states, "The good news is that Tored doesn't appear to be a very serious threat, and no-one is likely to encounter it. A much more serious threat for Mac users are the Trojans that are being planted on Websites posing as an attractive download.”

In January, trojans aboard pirated copies of iWork ‘09 and the Mac version of Adobe Photoshop CS4 infected over 5,000 computers.  While lacking the ability to spread autonomously, they formed what is believed to be the first Mac botnet.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By croc on 5/7/2009 6:12:53 PM , Rating: 3
My Sun box, running Solaris 10 and Netscape, needs no AV because it's inherently safe... Even safer than Macs! You have to love the 'security through obscurity' approach.

"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki