“Apple Computer Inc’s Mac OS X has been targeted by malware writers for the first time, with two pieces of malicious code designed for the operating system appearing in as many days late last week,” Datamonitor reports. “The first, known as Leap, is either a worm or a Trojan, depending on whose definitions you want to believe. It spreads via the iChat instant messaging network, but requires the user to download, extract and execute it before it can do any harm. As such, it is expected to not spread very quickly or very far. Apple users may not be accustomed to receiving malware via iChat, but they’re not generally stupid.”
“The second program, known as Inqtana, spreads via a known vulnerability in Mac OS X 10.4’s implementation of the Bluetooth stack,” Datamonitor reports. “The vulnerability evades security precautions in the software, enabling files to be written outside the designated folder. It was discovered and patched last May.”
MacDailyNews Note: Last May.
Datamation continues, “It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows or Unix-based operating systems, and that Mac users have escaped unscathed largely because bad actors choose to ignore them.”
MacDailyNews Take: “It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows? Accepted wisdom by whom exactly, the mentally incapacitated and/or the antivirus software companies trying to sell software to the immeasurably gullible?
Datamation continues, “Whether or not the existence of this malware should be taken as evidence that Apple computers are gaining mind or market share in a broader sense is a matter of interpretation, although it certainly is a possibility… [Leap-A] is not a particularly sophisticated social attack, hearkening back to simplistic highly effective engineering used in the I Love You and Kournikova worms that hit Windows users in the late 1990s.”
Full article here.
MacDailyNews Take: “Leap-A” hearkens back to the “I Love You” and “Kournikova” worms? To describe “Leap-A” as “simplistic” works, but to use the words “high effective” is a deceptive joke. The Windows “I Love You” worm caused $10 billion dollars in damage and the “Kournikova” worm infected at least hundreds of thousands of computers worldwide. The only similarity that “Leap-A” shares with the aforementioned Windows worms is that it is socially-engineered malware. Unlike the Windows worms, Mac OS X users would actually have to grant permission to install the malware. And, as Apple has already stated, “Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file. Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust.” Apple provides a guide to safely handling files received from the Internet here.
Note: Do not accept files from vendors and Web sites that you don’t know and trust. Don’t throw your important documents in the Trash and Empty it, either.
Painfully Obvious Sentences: Any operating system is vulnerable to a malicious program installed by the user. Mac OS X does its best to protect foolish actions by the user, by requiring permission to install applications (including malware), but if the user is bound and determined to install malware onto their machine, they’ll install malware onto their machine. That is worlds apart from the “Windows experience” of malware that surreptitiously installs itself without user’s permission and/or knowledge.
Those who try to equate Mac OS X with Windows in the area of security because of a laughable trojan cum worm (Leap) and an old proof-of-concept (Inqtana) that was patched over half a year ago are despicable, desperate, and/or weak-minded.
• MacBook Pro. The first Mac notebook built upon Intel Core Duo with iLife ’06, Front Row and built-in iSight. Starting at $1999. Free shipping.
• iMac. Twice as amazing — Intel Core Duo, iLife ’06, Front Row media experience, Apple Remote, built-in iSight. Starting at $1299. Free shipping.
• iMac and MacBook Pro owners: Apple USB Modem. Easily connect to the Internet using dial-up service. Only $49.
• iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.
• iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.
Related MacDailyNews articles:
Patched in mid-2005 by Apple, Symantec warns ‘Inqtana-A’ worm could be ‘beginning of a trend’ – February 20, 2006
OSX.Leap.A: a near miss for Mac users – February 18, 2006
Apple: ‘Leap-A’ not a virus; only accept files from vendors and Web sites that you know and trust – February 16, 2006
‘Highly critical’ flaw in discovered in Symantec AntiVirus for Mac OS X – December 21, 2005
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
FBI: Viruses, spyware, other computer-related crimes cost U.S. businesses $67.2 billion per year – February 01, 2006
Windows virus threatens 170-year-old Toldeo newspaper’s perfect record, Apple Macs save the day – January 27, 2006
Symantec: 10,866 new Microsoft Windows virus and worm variants in first half 2005 – September 19, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005