Who said Macs are immune to viruses? Some malware makers aim to bust that myth with a Trojan horse that's being downloaded across the Internet.
Mac security software firm Intego identified a Trojan on Wednesday that affects computers running Mac OS X. The malware was found on some pirated copies of Apple's new iWork 09 productivity suite on peer-to-peer sites. iWork is Apple's answer to Microsoft Office.
"The installer for the Trojan horse is launched as soon as a user begins the installation of iWork, following the installer's request of an administrator password," Intego said. "This software is installed as a start-up item (in /System/Library/StartupItems/iWorkServices, a location reserved normally for Apple start-up items), where it has read-write-execute permissions for root." In Mac OS X 10.5.1 or earlier, there will be no password request.
Once installed, the virus, called OSX.Trojan.iServices.A, connects to a remote server, where a cybercriminal is alerted that the virus is installed. At that point, criminals can begin connecting to the infected Mac to perform various actions. The virus may also download additional data to an infected Mac.
Anyone who downloads a pirated copy of iWork 09 is not only breaking Apple's copyright, but risks becoming infected, according to Graham Cluley, a senior security consultant at Sophos. Like much of the Windows malware we see, he said, that Trojan horse is designed to turn computers into bots (Web robots), which hackers can abuse for whatever nefarious purpose they like, including sending out spam or stealing identities.
"Of course, you would be crazy to download any commercial copyrighted software from a (BitTorrent) site, but that doesn't seem to stop lots of people from doing precisely that," Cluley said. "It's particularly absurd when you realize Apple makes available for free download a 30-day trial version. And so it's understandable that some Apple fans might think that only an idiot would be hit by this Trojan horse."
Mac Users: Wake Up!
Beyond the initial poor decision, security researchers say there is a point here. Hackers are increasingly looking with greedy eyes at the Apple user community -- a community Cluley said is acting much more recklessly when it comes to defending against malware than their Windows-using cousins.
"Yes, the amount of malware for Mac is tiny compared to Windows. But it's growing, and it's being written for the purposes of creating botnets and making money," Cluley said. "Mac users would be foolhardy not to take threats like this seriously."
In December, an Apple knowledge-base article said running antivirus software on a Macintosh is a good idea. Apple encouraged it, saying the widespread use of multiple antivirus utilities makes it more difficult for virus writers. Apple recommended Intego VirusBarrier X5, Symantec Norton AntiVirus 11 for Macintosh, and McAfee VirusScan for Mac. Apple later pulled the article, however.
Noteworthy is the fact that although Apple is known for a virus-resistant platform today, in the 1980s and early 1990s the Mac was among the top platforms for spreading malicious code. That changed with the introduction of Windows 95 and the Internet. Security researchers recommend Mac users stay protected with security software.