End the dead-end job. Train today for an IT Career!
I happen to have the ‘good fortune’ of having more than one Apple Fanboy amidst my network of associates and they are all downplaying the latest round of Flashback-based malware infections on the Mac as being ‘unusual’ and ‘nothing to worry about’ and they still insist that installing anti-malware software is pointless. Same thing they have been telling me for just about a decade.
Contrary to what the Fanboys say, Mac OS X has been hit with viruses and worms in the past. Flashback is not the first. Malware specifically targeting the Mac OS X platform starting appearing as early as 2004. Apple computers have never been ‘immune’ to malware and spyware, contrary to Apple’s advertising, and Apple computers have been part of the earliest history of virus development, beginning with Elk Cloner which predates the first PC virus “Brain” by about 4 years. Yes, owners of Apple products had to worry about viruses four years before PC users did…
Here’s the a small sample of the kinds of malware targeting Apple computers that I could dig up in a quiet evening at home from the web. This list of Apple Malware is far from complete:
- 1982 - Mac Virus Elk Cloner (created by Richard Skrenta). A boot sector virus attacks the Apple II. This predates the first virus on Windows computers, so Apple computers got viruses before PC’s did. Dwindling market share protected the Apple computers–just wasn’t worth the hacker’s effort.
- 1992 – INIT 1984 – Triggers on Friday the 13th on any computer running MacOS (pre-OS X)
- 1994 - Mac Virus INIT-29-B modifies system files and applications, crashes the early Macs.
- 1995 - HyperCard Virus HC-9507 embeds itself in all HyperCard stacks.
- 1987 - nVIR Virus. Spread by infected floppies.
- 1988 - HyperCard viruses start appearing
- 1990 - MDEF (Garfield) infected the operating system files.
- 1998 - Hong Kong / AutoStart 9805 infects via the AutoPlay feature of QuickTime.
- 1998 - Sevendust / 666
- 2004 - OSX /Renepo (opener) script worm
- 2006 - OSX/Leap-A (OSX.Oomp). First ‘official’ Mac OS X virus. Actively infects via iChat buddy lists.
- 2006 - Inqtana worm and virus
- 2006 - Macarena - Proof of Concept worm
- 2007 - BadBunn; also OSX/RSPlug (DNS Changer) – Persisted till 2011 due largely to the myth that Macs are immune, so Mac users did not patch or protect their systems.
- 2008 - MacSweeper scareware, Imunizator scareware
- 2008 - AppleScript.THT that spreads via the Remote Desktop Agent feature by using a tunnel to hide itself from the firewall and allow remote hackers complete access and control of the Mac.
- 2008 - OSX.Lamzev.A - Opens a backdoor to allow hackers to control your Mac remotely
- 2008 - OSX.Trojankit.Malez - Opens a backdoor to allow hackers to control your Mac remotely
- 2008 - OSX/Hovdy-A trojan horse
- 2008 - Troj/RKOSX-A - SPAM with link to malware ridden video website, site prompts user to download ’video codec’ (actually the RKOSX-A trojan) to view video
- 2009 - OSX.Iservice and OSX.Iservice.B in pirated copies of iWork ’09 and Adobe Photoshop CS4. Steals passwords and installs iBotNet bot.
- 2009 - MacCinema trojan video viewer (RSPLug variant)
- 2009- Tored e-mail worm, with Jahlav Mac Trojan posing as video codec for a supposed adult website
- 2010 - OSX.Keylogger -yes, Macs get hit with keyloggers too.
- 2010 - OSX/HellRTS (OSX/Pinhead) Trojan backdoor, disguised as iPhoto.
- 2011 – Weyland-Yutani Crimeware kit (for script kiddy use) specifically designed to target Macs.
- 2011 - OSX.Revir - Downloader. Downloads other files and viruses.
- 2011 - OSX.Devilrobber.A/ OSX/Miner-D - Password stealer and shoulder surfer (watch your online banking!), Bitcoin miner
- 2012 - OSX.Flashback.K aka Trojan-Downloader.OSX.Flashfake.ab (CVE-2012-0507) – Already has infected more than 600,000 Macs worldwide with a bot and may still be growing due to proselytizing Mac Fanbois still insisting that “Macs are immune to all malware”–contrary to all evidence (see above). Flashback gathers user information from the computer and opens a back door on the computer so hackers can get in.
- 2012 – SabPub - OS X backdoor
- and the list continues….
So, truely, the myth of Macs being totally immune to malware is busted.
Apple products are manufactured by other vendors under the Apple logo and that hardware isn’t any different or better than hardware you’d find in your average PC. There is no ‘magic’. Buying Mac OS X doesn’t buy a great deal of protection these days as it only takes 1 vulnerability to exploit a system and Apple took 2 months to release the patch for the Sun Java exploit that allowed Flashback to grab over 600,000 Mac OS X boxes.
However, malware is the least of your worries. Social engineering and SPAM are platform-agnostic and are equal-opportunity offenders. Criminals will go after anyone they can, and the less computer-savvy the person is, the more they like it.
I’m paranoid about the web, and with good reason.
The #1 way hackers get into computers today is through your web browser from an infected website. The battle for control of your computer has spread from e-mail and attachments. Another battlefront has opened up on your web browser. A large number of big-name sites have been hacked recently and nobody is completely sure just what the hackers made off with. Hackers use DNS spoofing to trick computers into coming to an infected website, so you can’t completely be sure that you ended up on the website you intended to visit. They also buy up common misspellings of big sites to catch anyone that makes a typo.
Hackers have been using SQL injection vulnerabilities to break into websites for years (it is in fact one of the primary ways hackers get into a server), and these vulnerabilities still go unpatched. Now they are infecting websites in order to set up complex computer/browser/plugin fingerprinting engines that detect vulnerable versions. These engines deliver attacks custom-tailored to infect the visitor’s computer with slimy botware. Take out the cookies, pop-ups, plugins and JavaScript and you’ve stripped your attack surface these engines can attack, down to just your web browser. But this makes browsing less user friendly and a lot more frustrating in the short term, and confusing for people who aren’t technical.
Of course, whenever someone starts talking about a really secure platform, the Mac fanboys jump right in to tell me how secure Apple MacOS is–never mind that the MacOS/Safari combo gets hacked every year (2007, 2008, 2009, 2010,2011) during PWN2OWN at CANSECWEST. Never mind that the hackers have now developed a crimeware kit for the Mac, which means Mac users will need to be on the lookout for a deluge of malware from now on.
With so much dangerous malware and so many threats, how do I stay secure online?
Thought your Mac was secure? Did you know it is possible to turn the battery into a dead brick, or worse, possibly make it overcharge? How about permanently infect your computer (at least until the battery is replaced)?
So you thought Mac OS X 10.7 “Lion” was secure, and rushed right out and bought it? Passware discovered that the logon password can be extracted from a Mac running OS X 10.7 Lion, even when the system is locked or asleep.
Blocking Russian and Chinese SPAM is actually fairly easy. Unless you communicate in Russian or Chinese, just delete any e-mail that contains any of the special characters either of those languages use. I’ll admit that Chinese is a bit harder, since there are over 3000 characters in their ‘alphabet’, but using the top 30 or 40 characters should block most of the SPAM.