Worm Hitting OSX
Apple users are known for their pride when it comes to anything related to the company. Even though any hardware that comes with the Apple logo costs an arm and a leg, people have all sorts of excuses for why it’s better than others in the market. Security is one of the most touted reasons why people would go with Macs rather than be hobbled by Windows. The plot, however, has changed.
One reason for the Mac’s low susceptibility to malicious attacks is that the OS is based on the UNIX kernel, which is more stable than Windows’ proprietary architecture. Also, Macs, with their single-digit market share, did not prove to be a very attractive target for professional hackers, who usually aim at inflicting maximum damage. In the last two years, however, things have changed.
The visibility of Apple has increased in the personal computing space. The iPhone’s stunning success has also contributed a lot to the visibility of Leopard, its operating system. Restricted till now to the personal segment, Macs are being used in the enterprise segment too. In the server segment, long dominated by UNIX and Windows, Apple has released a slew of its own products. Some of them are used in mission-critical roles in organisations, which has raised the stakes a lot higher in the cat-and-mouse game played by security researchers and cyber criminals.
The latest in the series of malicious threats targeting OSX is a Trojan horse named ASthtv05. Analysts from SecureMac, a security firm, have classified the Trojan as critical and issued an all points alert for it. This Trojan can compromise the latest patched versions of Leopard and virtually take control of the infected computer. It gains administrator privileges after the user opens an infected file. It then opens ports in the firewall, logs keystrokes, transmits usernames and passwords, takes pictures with the iSight Web camera and turns on file sharing. It also hides in the background and might turn off system logging, so that the user has no way of knowing that the computer is infected.
Uncovered in a hacker’s forum, the source code of this malware is freely available. This has led researchers to believe that several variants of the exploit code may ultimately be found in the wild. Apple has not yet said anything about this threat, though SecureMac’s security software can disable the Trojan. However, the researchers remain confident that Apple will release a patch for the exploit as soon as possible.
Till then, Apple users are advised to bite carefully.