Microsoft detects new malware targeting Office for Mac flaw, trots out Security via Obscurity myth

“Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago,” Jeremy Kirk reports for IDG News Service.

“The malware is not widespread, wrote Jeong Wook Oh of Microsoft’s Malware Protection Center,” Kirk reports. “But it does show that hackers pay attention if it’s found people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected.”

Kirk reports, “The exploit discovered by Microsoft doesn’t work with OS X Lion, but does work with Snow Leopard and prior versions… Microsoft advised those who use Microsoft Office 2004 or 2008 for Mac or the Open XML File Format Converter for Mac to ensure those products have applied the patch. ‘In conclusion, we can see that Mac OS X is not safe from malware,’ Oh wrote. ‘Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase.'”

Read more in the full article here.

MacDailyNews Take: Statistically speaking, Microsoft makes crap software that we wouldn’t allow within a mile of our SSDs.

“Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase.” Note the lack of the word “successful” before “attacks” in the Microsoft FUDster’s weak attempt at equivocation.

Yet again, for the umpteenth time — sigh — it is utterly illogical to state or imply that the Mac platform is secure via obscurity. Why, if obscurity means security, in April 2007 was there a virus for iPods running Linux (a few thousand devices total, to wildly overestimate, in all the world), but there are no viruses in eleven, yes eleven, years for the some 60 million Mac OS X computers that are currently online?

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because fewer people use Macs, is simply not true. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, The New York Times’ David Pogue, long ago providesd a concise mea culpa on the subject of the “Mac Security Via Obscurity” myth here.

“In conclusion, we can see that Mac OS X is not safe from malware” when you install Microsoft crapware.

Related articles:
Security experts: Apple did OS X Mountain Lion’s Gatekeeper right – February 16, 2012
OS X Mountain Lion’s Gatekeeper slams the door on Mac trojans – February 16, 2012
Apple releases OS X Mountain Lion Developer Preview; public release coming in late summer 2012 – February 16, 2012

The Microsoft Tax: Critical Windows flaw affects millions of high-value PCs with self-replicating attacks – March 13, 2012
The Microsoft Tax: Virus infects Windows PC control systems of US Predator and Reaper drones – October 8, 2011
The Microsoft Tax: ‘Indestructible’ botnet attacks millions of Windows PCs; Macintosh unaffected – July 1, 2011
The Microsoft tax: Stuxnet computer worm infects Microsoft’s porous Windows OS; Mac unaffected – September 27, 2010
The Microsoft Tax: New undetectable Windows trojan empties bank accounts worldwide; Mac unaffected – August 11, 2010
The Microsoft Tax: Windows zero-day flaw exposes users to code execution attack; Mac unaffected – August 09, 2010
The Microsoft Tax: Critical flaw lets hackers take remote control of Windows PCs; Mac unaffected – August 07, 2010
The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected – May 11, 2010
The Microsoft Tax: McAfee correctly identifies Windows as malware; Macintosh unaffected – April 21, 2010
The Microsoft Tax: DNS Windows PC Trojan poses as iPhone unlock utility; Mac and iPhone unaffected – April 15, 2010
The Microsoft Tax: 1-in-10 Windows PCs still vulnerable to Conficker worm; Macintosh unaffected – April 08, 2010
The Microsoft Tax: 74,000 Windows PCs in 2,500 companies attacked globally; Mac users unaffected – February 18, 2010
The Microsoft Tax: Widespread attacks exploit Internet Explorer flaw; Macintosh unaffected – January 22, 2010
The Microsoft Tax: Windows 7 zero-day flaw enables attackers to cripple PCs; Macintosh unaffected – November 16, 2009
The Microsoft Tax: Windows 7 flaw allows attackers to remotely crash PCs; Macintosh unaffected – November 12, 2009
The Microsoft Tax: Windows virus delivers child porn to PCs, users go to jail; Mac users unaffected – November 09, 2009
The Microsoft Tax: Worms infest Windows PCs worldwide; Mac users unaffected – November 02, 2009
The Microsoft Tax: Banking Trojan horse steals money from Windows sufferers; Mac users unaffected – September 30, 2009
The Microsoft Tax: Serious Windows security flaw lets hackers to take over PCs; Macintosh unaffected – July 07, 2009
The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected – April 29, 2009
The Microsoft Tax: Conficker virus begins to attack Windows PCs; Macintosh unaffected – April 27, 2009
The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion – April 24, 2009
Millions of Windows PCs taken over by hackers, including UK and US gov’t machines; Macs unaffected – April 22, 2009
Conficker worm hits University of Utah’s Windows PCs; Apple Macs unaffected – April 13, 2009
Windows Conficker kicks into action, able to steal data from infected PCs; Macintosh unaffected – April 10, 2009
Windows Conficker worm awakens, updates via P2P, begins to drop payload; Macintosh unaffected – April 09, 2009
Millions of infected Windows PCs set to go off on April 1; Macintosh unaffected – March 31, 2009
Millions of infected Microsoft Windows PCs face doomsday on April 1; Macintosh unaffected – March 24, 2009
Windows data-stealing ‘Tigger’ trojan infects stock trading firms; Macintosh users unaffected – March 10, 2009
French navy fighter planes grounded by Windows worm; Mac-based naval systems unaffected – February 25, 2009
Houston courts shut down due to Windows virus; Macs unaffected – February 10, 2009
Windows virus knocks out Vancouver school computers for three weeks and counting; Macs unaffected – January 31, 2009
Massive Windows virus with mystery payload continues to spread rapidly; Macintosh unaffected – January 26, 2009
Massive Windows virus continues rapid spread, also affects Vista, Windows 7; Macintosh unaffected – January 21, 2009
Windows PC worm infection numbers skyrocket; Macintosh unaffected – January 19, 2009
Dangerous new sleeper virus exposes millions of Windows PCs to hijack; Macintosh unaffected – January 16, 2009
Zero-day attack targets all versions of Internet Explorer; Mac users unaffected – December 12, 2008
Windows worm loose on International Space Station; Mac-using astronauts unaffected – August 27, 2008
Microsoft inflicts Internet Explorer 8 Beta; Mac users unaffected – March 05, 2008
Gathering ‘Storm’ superworm poses grave threat to Windows PCs; Apple Macs unaffected – October 19, 2007
Windows virus cripples Florida newspaper; Mac-based publishers unaffected – March 02, 2007
Insidious Windows virus threatens business networks worldwide; Macintosh unaffected – March 01, 2007
Windows ‘Storm Worm’ rages across globe; Apple Macintosh unaffected – January 19, 2007
Sony, Gracenote sound alarm over Microsoft flaw; Macintosh unaffected – September 19, 2006
PowerPoint zero-day attack compromises data in infected Windows PCs; Mac OS X unaffected – July 21, 2006
Windows PC users infected with worm face loss of all Microsoft, Adobe files; Mac users unaffected – January 31, 2006
Microsoft Windows’ Zero-Day WMF flaw threats widespread; Macintosh unaffected – December 29, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Windows users fall victim to huge ID theft ring, 50 banks in danger; Apple Mac users unaffected – August 25, 2005
Quickly spreading Microsoft Windows worm affects CNN, ABC, NY Times; Apple Macintosh unaffected – August 16, 2005
‘Zotob’ worm rapidly infects Microsoft Windows; Macintosh unaffected – August 15, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Microsoft warns of critical Windows flaws; unaffected Mac users just continue working – June 15, 2005
Michael Jackson suicide spam hides Windows virus; Macintosh unaffected – June 10, 2005
Windows Sober.p poised to attack this Monday; Macintosh unaffected – May 21, 2005
Microsoft Windows Sober.P worm shows ‘epidemic’ spread; Macintosh unaffected – May 03, 2005
Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected – December 28, 2004
Windows Mydoom worm variant spreading in the wild; Macintosh unaffected – November 09, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Windows ‘Zindos’ virus spreads, attacks; Macintosh unaffected – July 29, 2004
New Windows Bagle virus variants spread; Macintosh unaffected – July 16, 2004
Windows Lovegate worm variant renders computers useless; Macintosh unaffected – July 08, 2004
Windows Scob virus collects passwords, financial data; Macintosh unaffected – July 05, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Windows users warned of infectious Web sites that take over computers; Mac users unaffected – June 25, 2004
Windows Korgo virus ‘aggressively stealing’ credit card numbers; Macintosh unaffected – June 04, 2004
First Windows 64-bit virus appears; Macintosh unaffected – May 27, 2004
Windows Wallon virus wipes out Microsoft Media Player on infected PCs; Macintosh unaffected – May 12, 2004
Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected – May 04, 2004
Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected – May 04, 2004
Windows Sasser net worm spreading rapidly; Macintosh unaffected – May 03, 2004
Sen. Edward Kennedy’s Apple Mac-based office totally unaffected by viruses – March 22, 2004
Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected – March 19, 2004
Windows worm, virus outbreaks intensify; Macintosh unaffected – March 03, 2004
Destructive MyDoom.F virus deletes Windows users’ files; Macintosh unaffected – March 01, 2004
Netsky-D Windows worm spreading; Macintosh unaffected – March 01, 2004
Windows users suffer five new Bagle worm variants; Macintosh unaffected – March 01, 2004
New MyDoom Windows worm deletes random files; Macintosh unaffected – February 25, 2004
Windows NetSky e-mail worm spreading; Macintosh unaffected – February 18, 2004
Windows virus ‘Bagle.B’ spreading; Macintosh unaffected – February 17, 2004
‘Doomjuice’ worm emerges, targets Microsoft; Macintosh unaffected – February 10, 2004
New version of Mydoom Windows virus appears, attacks Microsoft; Macintosh unaffected – January 28, 2004
Latest Windows virus ‘MyDoom’ sets new infection records worldwide; Macintosh unaffected – January 27, 2004
‘MyDoom’ Windows virus spreads rapidly; Macintosh unaffected – January 26, 2004
New Windows worm spreading ‘hard and fast’ worldwide; Macintosh unaffected – January 19, 2004
Florida students patch 360 PCs in marathon session due to Blaster virus; their Macs unaffected – October 01, 2003
Pennsylvania school district’s PCs infected with virus; their Macs unaffected – October 01, 2003
New ‘Swen worm’ masquerades as Windows Security Update; Macintosh unaffected – September 19, 2003
University of Illinois still patching all Windows machines; Macintosh unaffected – September 05, 2003
Montana school district’s Windows computers offline due to worm; Macintosh computers unaffected – September 03, 2003
A tale of two school systems: Windows schools crippled while Mac schools unaffected – August 21, 2003
SoBig virus variant rapidly inflecting Windows machines; Macintosh unaffected – August 19, 2003
Windows Blaster worm to attack Microsoft on Saturday; Macintosh unaffected – August 13, 2003
MBlast Worm spreads through flaw in Windows; Macintosh unaffected – August 11, 2003
Hackers hijack Windows PCs for porn serving; Macintosh unaffected – July 11, 2003
Palyh Worm strikes Windows users worldwide; Macintosh unaffected – May 19, 2003
Microsoft bug exposes millions to attack; Macintosh unaffected – November 20, 2002


    1. I dont see any… 😉

      Now I love how microsoft… Shows a flaw in Microsoft products… And blames apple…

      Only ms (and it’s followers..) can be that stupid.

  1. Have you noted that latest Mac OS treats come form external companies and not from the OS X itself?
    those so called “Security” companies have to lear to differentiate from a “Insecure OS” from an “INSECURE SOFTWARE”
    90% of the treats in windows came from flaws in windows itself, not from third party applications.

    1. Troy, I scanned back through several months of Qualys weekly vulnerability reports and I’d have to guess that the number of bugs in Windows (all versions) versus Microsoft applications is about 20%/80%, and naturally even lower when compared against all apps for Windows.

  2. If Apple would make iWork just a bit more robust for enterprise, I would gladly toss Office. I have both suites, but the former has certain limitations in terms of file merging etc. Apple hasn’t paid much attention to iWork for Mac OS X in who knows how long.

  3. “putting their computers at a higher risk of being infected.”

    That’s so rich. First of all, unpatched means it’s at the *same* level of being infected as before. Secondly, installing Microsoft software is what put your computer at risk of infection. One might ask what privileges Microsoft installer asked of the user that allows for this and why they really need those privileges.

  4. “In conclusion, we can see that Mac OS X is not safe from malware”

    Microsoft fails so badly at programming that their software punches security holes in Mac OS X, and then they use it as ammunition to say “Look! OS X isn’t safe from malware!”?

    It isn’t safe from malware in this particular instance BECAUSE OF YOU INCOMPETENT ASSHOLES AND YOUR SHITTY SOFTWARE.

    Oh Jeongwook, you total and utter pabo.

  5. Another example of the stupidity of the ‘security through obscurity’ canard: The infamous Witty Worm spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.

    Witty TOTALLY infected a world-wide susceptible population of just 12,000 systems in 45 minutes. Obscurity didn’t help those victims…

  6. Microsoft Office has yet-another security hole. Therefore, Microsoft FUD Apple security. Yeah, that makes sense. I swear they have lead in the water over at Redmond. 😯

    LUSER Syndrome:
    it does show that hackers pay attention if it’s found people do not apply patches as those fixes are released, putting their computers at a higher risk of becoming infected. This problem is rampant no matter WHAT computer platform. NOT Apple’s problem. It’s the USER’S problem. It is akin to social engineering. Some people just don’t understand best practices for computer security. That includes the #1 Rule of Computing: Make A Backup!

    Raw stinking bullshite:
    Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. NO. This myth began in 2005 when Symantec started the ongoing anti-Apple security FUD campaign. There is ZERO evidence of this happening to the Mac platform. That’s because Mac OS X UNIX is fundamentally safer than MS Windows, like it or not. No one said Mac OS X is perfect, dear FUD trolls. It is merely safer. THAT has actual statistical proof.

    Compare the current 82 active malware for Mac OS X with the well over 1000x MORE malware for Windows on a per user basis. This means that if both platforms had equal numbers of users, Windows statistically still has 1000x more malware. Now what does that SHOUT at you?

    Dear Anti-Apple FUD Mongerers:
    Please STFU and get lost. You too are LUSERS. 😛

  7. What 3rd party software attracts the most malware?

    1) Historically the longest offender is… Microsoft Office. Blame Microsoft, not Apple.

    2) Adobe Flash. Blame Adobe, not Apple.

    3) JavaScript. It used to be LiveScript, created by Netscape. Then Microsoft perpetrated JScript, creating major security vulnerabilities. Then Adobe joined in with ActionScript, adding further vulnerabilities. Does Apple have anything to do with JavaScript? NO.

    4) Java. How the frack Java went from being entirely safe on all platforms to being the single WORST malware vector for Mac is beyond my comprehension. Blame Oracle. Where Apple fell down was that they promised to keep Java SE 6 up-to-date for 10.6 and 10.7, but they failed with a lag of two months. THAT is Apple’s fault, but it is NOT Apple technology.

    So exactly what malware actually attacks Mac OS X? ZERO! The only way malware rats can get into Macs is either through one of the nasty 4 non-Apple technologies above OR via Trojan horses, which require LUSER behavior in order to be installed.

    Darn. No actual viral malware for Mac OS X itself. No rootkits. No hacking attacks. No cracking attacks. No viruses. No worms. It would be delusional to expect this to remain the case forever. But it points out that Mac OS X is indeed SAFER than Windows and even Linux. It pays to research the facts of the matter. FUD is worthless propaganda and nothing more.

    If you want a worthwhile FREE app to check for Mac malware, I suggest ClamXav. I personally have assisted in making the ClamAV project relevant and up-to-date for Mac users.

    Mac-Security @Blogspot

    1. so very true…

      Office, people should understand that Office is not only junk, but exactly what is stated above, virus/malware magnet.

      You have no idea how many time I have to explain the difference between a Virus and a Trojan horse to ignorant users. LUSER as you call them, I like it 🙂
      Virus=Software that Infects PC’s
      Trojan Horse=Software that Infects the USER, regardless of Platform.

      At least when it comes to security etc, I can’t find anything we disagree on.

      1. Kewl. BTW: ‘LUSER’ isn’t a term I invented. But sadly I find it to be the most descriptive for the phenomenon. My favorite example: If a computer user doesn’t make a regular backup, by definition they’re a LUSER. They are GOING to be caught losing data and people like me are going to be expected to conjure up a miracle to save their dead data. Yeah, we can make money off their newbie-ness, but that’s now how I roll. I’d rather everyone knew best practices and used them to save their own butts. Computers ≠ toasters.

  8. Plus! Anyone remember the old ‘Crack A Mac’ campaign?

    $10,000 to the first person to crack an unprotected OS 9 machine attached to a publicly accessible and well-publicised IP address.

    The Mac remained uncracked and the prize unclaimed.
    That was in the 1990’s.

    For 2012: ClamX AV will keep you very safe.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.