Another overreaction to a Mac malware sighting
A new Trojan horse directed at porn-viewing Mac users has touched off the usual barrage of “now those smug Mac owners will get their come-uppance” articles. The exaggerated tone – particularly in some of the headlines – is completely out of proportion with the threat.
A few examples:
“New Apple Trojan Means Mac Hunting Season Is Open” – Wired
“Fortress Mac Is Gone: Malware breaches the Mac moat” – eWeek
“Porn Trojan ushers in new era for Mac security” – ZDNet UK
“Macs seized by porn Trojan” – The Register (UK)
Representatives of security software firms have jumped on reports of the Trojan as evidence Macs are really no safer than Windows PCs, a not-so-subtle suggestion that Mac users need to buy their anti-virus software.
I’m not saying the Trojan, called OSX.RSPlug.A, poses no threat. It’s real and it’s out there. But it’s not spreading like wildfire. A Mac user needs to do a lot of dumb things to get infected.
First, the Trojan is embedded in porn sites, so if you’re not using your Mac for porn you should be safe. If you do enjoy porn on your Mac (I’m not judging you, but you’re the target here), it still requires some effort to get infected.
Here’s how it works: When you click on a booby-trapped porn video, a window pops up telling you that you lack a certain video plug-in and then asks if you’d like to download it. If you click OK, your Mac will download a disk image that contains the Trojan. You then need to mount the disk image by double-clicking on it (this step could be done automatically by your browser depending on how you have set your preferences).
If you double-click on the installer that appears in the disk image window, the Mac will ask you for your administrator password before proceeding. This is a security measure built into Mac OS X, designed to prevent malware like this Trojan from installing itself in the background. If you ignore this red flag, type in your password and click OK, the software finally will install the Trojan on your Mac.
Once on your Mac, the Trojan changes some network settings to redirect your Web browser to fraudulent sites set up to trick users into surrendering personal information such as credit card or bank account numbers. Technically known as “phishing” scams, they turn up even more frequently in scam e-mails designed to look as if they were sent from a legitimate business, such as PayPal or a large bank.
A Trojan for the Mac is a bad thing, but it relies on the user’s ignorance for success. You can’t get infected just by browsing the Internet or even just by visiting particular porn sites. With a lot of Windows malware, the user gets infected quietly in the background, without any of the user interaction the new Mac Trojan requires.
This does not mean, as some articles have implied, that Macs are now just as likely to be infected by malware as Windows PCs. There are still hundreds of thousands of viruses, worms and Trojans in the wild that target only Windows. Despite the appearance of this Mac-specific Trojan, there are no Windows-like worms or viruses that can spread from Mac to Mac without the knowledge of the user.
That said, no system can be made immune to malware that employs “social engineering” – that is, user gullibility – to do its dirty work. That’s as true of Macs as any computing platform. A new Trojan targeted at OS X is an incremental increase in the malware threat to the Mac, but nothing to panic over.
Mac OS X may not be invulnerable, but the hackers have not yet shown it’s so easy to crack that ordinary users need live in fear.

Comments
Well, since Mac users are generally brighter than your average PC user, there should be very few problems from this one.
Just another knee-jerk (heavy emphasis on the 'jerk') reaction from illiterate 'journalists' who obviously don't have a clue what they're writing about.
Posted by: Vale | November 2, 2007 7:56 PM
"When you click on a booby-trapped porn video..."
"booby" as in "aaah boobies"
Tell me you wrote that by accident?!
Posted by: RichS | November 2, 2007 8:18 PM
Thank you for a true evaluation of the so-called Virus or Trojan Horse; it doesn't meet the definition of either. The makers of Security software should take note that a lot of Mac users have long memories, and don't like being lied to. I for one will think twice before I purchase anything from these liars.
Posted by: Thomas Carley | November 2, 2007 8:19 PM
David, let me say thanks for clarifying the obvious.
Anyone can get infected if they give their computer full access to untrusted code, regardless of operating system.
This is why Apple should offer some sort of "Deep Freeze" option. Basically if malicious software is installed, by accident or a rare exploit (if it ever occurs), the OS will self check itself from a safe encrypted partition. If things don't look right, the offending data is sent to Apple and the drive reverted back to the original state before the offending install occurred.
Needless to say I have used Macs since day one, only got one WDEF virus about 18 years ago. That's it, nothing else. No anti-malware software needed, but I do take precautions, enable my firewall, run updates and trust the source of my downloads.
I highly recommend Macs with Mac OS X if you desire the safest in computing online. The total cost of ownership is substantially lower than a Windows PC.
Macs are also price competitive with their similarly equipped PC brethren. Mac OS X works like Windows, it's a similar GUI with things just placed in slightly different areas, most people have no problem switching over because it is still a computer, just a better OS and hardware integration which eliminates a lot of problems.
One can also run Windows and Mac OS X on the same Mac hardware, but of course Windows side will need the anti-malware and other protections like a PC.
Once you go Mac OS X, you won't go back, it's like driving a great car, you'll want to do it all the time.
Posted by: SafeMac | November 2, 2007 8:39 PM
To the poster who said it's neither a virus nor a Trojan, well, you're wrong. It meets exactly the definition of a Trojan horse.
You can keep your head in the sand as long as you want, but Macs are not impervious to malware. This one requires user interaction, but lots of users are dumb enough to enter their passwords when installing software without being sure what it will do.
Posted by: peter | November 3, 2007 6:13 AM
This malware attack is equal to driving into a bad neighborhood, walking up to the local crack house, sticking a wallet full of cash through the door slot and yelling "police!"
Something is bound to happen and none of it good.
However, the poster "peter" does have a point, that too many applications that have no purpose needing the full access to the Mac OS is asking very that by demanding an admin password to install.
Sure one may trust the source of a well known app to give it admin access, but programmers make mistakes like anyone else. The more apps "hook" into the OS, the more chance for root level exploitation.
95% of exploits are in applications.
Posted by: Mark C | November 3, 2007 12:44 PM
SafeMac, what you're describing with the "Deep Freeze" option sounds very similar to some of Time Machine's features in Leopard.
Peter is right, this malware does meet the definition of a trojan.
Posted by: jdb | November 3, 2007 9:40 PM
When the user said that lots of users are dumb enough to install this type of malware on a Mac, he obviously is a PC user. The reason that there is malware and Trojans is because of the success of such viruses on the PC platform. After 10 years of re-installing Windows every three months, I'm now a Mac user and I am not going back. Windows users keep living in your dream world, you bought Vista, right?
Posted by: Dave | November 5, 2007 7:45 AM
"Well, since Mac users are generally brighter than your average PC user..."
Lol - good one... Mac was practically built on the idea that its user base is computer illiterate. Just look at the single button mouse... It's the PC users that have more brain than money, if anything (they're not the ones paying for overpriced pieces of proprietary garbage)...
Posted by: Anonymous | November 5, 2007 9:49 AM
Better stay anonymous, head in the sand, can't tell a better system when you see it, (infected) windows outlook user.
Posted by: bart | December 9, 2007 10:01 PM
I'm not a Mac user so I'm just wondering. Are you saying that the video player plugin would never ask for the password if it wasn't malware?
Posted by: Tobbe | April 8, 2008 8:51 AM