Datamonitor: ‘Mac OS is just as vulnerable to malware as Windows’

“Apple Computer Inc’s Mac OS X has been targeted by malware writers for the first time, with two pieces of malicious code designed for the operating system appearing in as many days late last week,” Datamonitor reports. “The first, known as Leap, is either a worm or a Trojan, depending on whose definitions you want to believe. It spreads via the iChat instant messaging network, but requires the user to download, extract and execute it before it can do any harm. As such, it is expected to not spread very quickly or very far. Apple users may not be accustomed to receiving malware via iChat, but they’re not generally stupid.”

“The second program, known as Inqtana, spreads via a known vulnerability in Mac OS X 10.4’s implementation of the Bluetooth stack,” Datamonitor reports. “The vulnerability evades security precautions in the software, enabling files to be written outside the designated folder. It was discovered and patched last May.”

MacDailyNews Note: Last May.

Datamation continues, “It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows or Unix-based operating systems, and that Mac users have escaped unscathed largely because bad actors choose to ignore them.”

MacDailyNews Take: “It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows”? Accepted wisdom by whom exactly, the mentally incapacitated and/or the antivirus software companies trying to sell software to the immeasurably gullible?

Datamation continues, “Whether or not the existence of this malware should be taken as evidence that Apple computers are gaining mind or market share in a broader sense is a matter of interpretation, although it certainly is a possibility… [Leap-A] is not a particularly sophisticated social attack, hearkening back to simplistic highly effective engineering used in the I Love You and Kournikova worms that hit Windows users in the late 1990s.”

Full article here.

MacDailyNews Take: “Leap-A” hearkens back to the “I Love You” and “Kournikova” worms? To describe “Leap-A” as “simplistic” works, but to use the words “highly effective” is a deceptive joke. The Windows “I Love You” worm caused $10 billion in damage and the “Kournikova” worm infected at least hundreds of thousands of computers worldwide. The only similarity that “Leap-A” shares with the aforementioned Windows worms is that it is socially-engineered malware. Unlike the Windows worms, Mac OS X users would actually have to grant permission to install the malware. And, as Apple has already stated, “Leap-A is not a virus, it is malicious software that requires a user to download the application and execute the resulting file. Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust.” Apple provides a guide to safely handling files received from the Internet here.

Note: Do not accept files from vendors and Web sites that you don’t know and trust. Don’t throw your important documents in the Trash and Empty it, either.

Painfully Obvious Sentences: Any operating system is vulnerable to a malicious program installed by the user. Mac OS X does its best to protect against foolish actions by the user, by requiring permission to install applications (including malware), but if the user is bound and determined to install malware onto their machine, they’ll install malware onto their machine. That is worlds apart from the “Windows experience” of malware that surreptitiously installs itself without the user’s permission and/or knowledge.

Those who try to equate Mac OS X with Windows in the area of security because of a laughable trojan cum worm (Leap) and an old proof-of-concept (Inqtana) that was patched over half a year ago are despicable, desperate, and/or weak-minded.


46 Comments

  1. Can’t you see what these people/companies are doing?

    They are sucking us into the “worry about security” cycle windows users go through.

    You want a safe computing experience, get a Mac.

    If Apple can’t protect the operating system and deliver a malware free experience, don’t use computers anymore.

    Most people I’ve talked to don’t do computers anymore because computer makers can’t provide a safe and reliable product.

    Even Apple is sucking us in, wasting our time worrying about other things and brainwashing us into cultists.

    A computer is a machine, if it fails repeatedly, you don’t use it anymore.

    Don’t waste your health worrying about these stupid things, life is fun, get out and get some sun, get laid.

  2. Yah, and guess what? My $50,000 Range Rover is just as susceptible to stupid drivers as my brother’s $500 Gran Torino. So what?

    Stupid is as stupid does.

    If there was ever an article, and an author, who deserved to have their garbage writing and [cough] reporting [/cough] challenged with numerous e-mails to their inbox, it’s this one.

    Hey, I’m just sayin’ . . .

  3. It “spreads” via iChat. Doesn’t he mean you have to knowingly download the file and install it? Doesn’t sound like ‘spread’ to me. When you think of something spreading usually it refers to something that does so without any assistance.

    “They are sucking us into the “worry about security” cycle” -MacDude

    Sorta sounds to me like what our government does on a daily basis. We shouldn’t be falling for that either.

  4. “I don’t know how anyone can argue with the headline. If someone misrepresents an application and you install and run it, what difference does the platform make?”

    Verbose, Mac OS X is NOT as vulnerable to Malware as Windows because:

    a) the points of entry are far fewer since Windows has a far higher number of critical security holes. ActiveX scripting is probably the biggest culprit in the Windows world.

    b) the damage is much more limited. An admin user on Mac OS X would have to authenticate in order to allow the malware to access/install itself/modify/delete certain parts of the system, but even then, there are some parts that it still could not touch. On non-admin accounts, malware would only have access to modify the user’s home folder and drives/network shares that they have write access to, but none of the system directories.

    c) Many Windows worms or viruses don’t require human intervention or social engineering tricks to spread and do harm. So far ALL of the malware that we’ve seen for Mac OS X (all 3 of them) require user intervention.

    So it’s clear that there is a good argument against the headline.

  5. Windows NT has DoD “Orange Book” C2 Security Accreditation and the UK Government equivalent.

    MacOS hasn’t even been accredited at the basic level.

    Security through obscurity is great, but doesn’t convince those whose bread and butter is IT security. If a C2 accredited OS can have the problems that WinNT does, just imagine the potential for MacOS.

    Malware for MacOS is only a matter of time. The script kiddies are just saving up for their first Mac. Don’t be smug.

  6. These simplistic malwares did not penetrate the Mac user base at large, while other “simplistic” worms penetrated Windows and caused $billions in damage.

    You certainly aren’t hearing Mac OS X Server administrators complaining.

    The evidence is clearly written.

  7. Macromancer…. Yes, The file itself does spread without any assistance… It is up to the user to then install it.. It is only dangerous for the average user… I can think of my dad for example… He is 72 years old and very new to the world of computers.. He really does not know what types of files are ok and which ones are bad.. If he was on iChat and a file popped up with say a title of “Grandkids Pics,” he may very well click on it..

    What I’m saying is just because someone accidentally installs this type of file on their computer does not mean they are an idiot… Not all people are as technically savvy as us MacHeads are…

  8. UNO:
    Leap A CANNOT spread on the Internet. It is a LAN worm. Or virus maybe since it can’t spread by itself. YOU CANNOT get this malware!

    DUO:
    Even on a LAN Leap A CANNOT infect Macs in their default config! You have to change iChat to use Bonjour. Have you EVER met anyone who changed that setting? I sure haven’t.

    But man, watch the FUD fly this week. Some Windows users are really threatened by Apple’s success, methinks!

  9. Quoth Reality Check: “Windows NT has DoD “Orange Book” C2 Security Accreditation and the UK Government equivalent.

    MacOS hasn’t even been accredited at the basic level.”

    In that case why does the US Dept of Defense use Macs. In the UK I doubt Apple even tried for security accreditation as the government are so far up Billy G’s ass. This would explain why they don’t have it – assuming of course you are correct.

  10. You have a better chance of getting something off one of those stupid AOL CD’s you get in the mail than this virus ever spreading past two computers.

    The mainstream press has been so out of whack on this issue, the Reuters article that was still showing up yesterday called it the first Mac virus.

  11. None of this matters -let alone Orange Book “theoretical world” security for Win as Reality Check likes to remind us. What matters is real world damage.

    There is nothing to be compared. Winbox users are in the shit as ever, Apple users don’t have anything to fear – let alone from these recent efforts…

  12. Reality Check: Security through obscurity is great, but doesn’t convince those whose bread and butter is IT security. If a C2 accredited OS can have the problems that WinNT does, just imagine the potential for MacOS.

    Malware for MacOS is only a matter of time. The script kiddies are just saving up for their first Mac. Don’t be smug.

    You trying to be the new sputnik or are you just trolling?

    The point here is that this article blatantly misrepresents this little piece of crapware. The only thing Leap A spreads without knowledge is FUD from the PC world. The PC die hards have been waiting for this moment – a crumb to grab onto, no matter how small. And they say Mac users are on kool-aid.

    Reality Check: I am not saying malware attempts will never happen, but it’s doubtful a weakness would get exploited. And even if one did, you can bank on this:
    A. Apple will come out with an update very quickly.
    B. Mac OS X: 1, Windows: 10,000?
    C. Apple would never charge users for security service.

    So, until then, enjoy patching while I’m working.

  13. Andy C.

    I guess it depends on your definition of the word Malware. I consider Malware to be malicious software that can’t do anything without the victim providing some help. An example of this could be downloading Toast via Limewire and installing it, only to find out afterward you actually just installed a program that deletes your email inbox and had nothing to do with Toast. You would have to give the application your administrator password in order for it to install, so the app could go wherever and do anything an administrator’s account can. There is no security measure that could be provided by Apple or others beyond the common sense warning to not download stuff from people you don’t trust.

    Anything that can install itself without the victim helping or even knowing I consider to be either a virus or worm. Certainly a virus is a malicious application, therefore I see why it could be called “malware”, but I prefer to group each type of evil software under just one category.

    I do agree with you that the amount of damage or the ease of which that damage could be achieved is not the same from platform to platform. Again, I was using a different definition of “vulnerable” than you are. I consider the successful installation of a malicious program on a victim’s Mac to be a 100% security failure, even if the program did NO ACTUAL damage. If you go further and attempt to gauge the amount of damage done by the offending program then I would also agree with your other points.
