Destructive OS X malware spies on Apple users
ZDNet Australia | 25 October 2004 | Munir Kotadia
Posted on 01/27/2005 2:39:19 PM PST by Bush2000
A malicious script that spies on Apple Mac users was discovered over the weekend. The malware, which has been dubbed Opener by Mac user-groups, disables Mac OS X's built-in firewall, steals personal information and can destroy data.
Security experts say these traits are common among the thousands of viruses targeting Microsoft's ubiquitous Windows operating system but are virtually unheard of amongst the Apple Macintosh community.
Paul Ducklin, Sophos' head of technology in the Asia Pacific, told ZDNet Australia that the malware, which Sophos calls Renepo, is designed to infect any Mac OS X drives connected to the infected system and it leaves affected computers vulnerable to further hacker attack.
Ducklin said Opener disables Mac OS X's built-in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive and downloads a password cracker called JohnTheRipper.
According to Ducklin, Opener tries to spread by copying itself to any drive that is mounted to the infected computer. This could be a local drive, part of a local network or a remote computer.
Most worryingly, according to Ducklin, this could be the start of a spate of malware that uses Mac OS X's scripting features against its users.
"The existence of Unix shells -- such as Bash for which Opener is written -- and the presence of powerful networking commands opens up the game a little bit for Mac users. It is no longer necessary to know about Mac file formats or executables -- you can write your malware in script and if you really wanted to you could probably write a portable virus that would run on many flavours of Unix (and Mac)," said Ducklin.
Chris Waldrip, president of the US-based Atlanta Macintosh Users Group, posted a detailed description of Opener on the MacInTouch Web site.
According to Waldrip, who admits the malware has him "a bit spooked," Opener seems to have started out with a "legitimate purpose" but has now been developed into a replicating piece of malware.
"I'm not sure how this could be guarded against," he said.
Mikko Hyppönen, director of antivirus research at F-Secure, said that viruses targeting the Macintosh system virtually disappeared in the late 80s.
"Things have been really quiet on Macintosh-front, virus-wise. Back in the late 1980s, viruses used to be a much bigger problem on Macs than on PCs. We here at F-Secure used to have an antivirus product for Mac but discontinued it after the macro viruses died out," said Hyppönen.
Symantec said users of Norton AntiVirus for Mac OS X were protected as long as they had updated their signatures over the weekend. A spokesperson for the company said the relevant signature files had been available since Friday evening.
TOPICS: Computers/Internet
KEYWORDS: a; adware; are; article; computersecurity; hoax; immune; is; lowqualitycrap; macs; macuser; malware; osx; spyware; this; to; trojans; virii; virus; worms
1 posted on 01/27/2005 2:39:20 PM PST by Bush2000
To: TexasGreg
2 posted on 01/27/2005 2:55:57 PM PST by GarySpFc (Sneakypete, De Oppresso Liber)
3 posted on 01/27/2005 3:20:23 PM PST by postaldave (ACLU = Anti-Christian, Liberal, and Un-American.)
To: GarySpFc
OLD news. There have been two security updates, and an incremental OS update (X.3.6 - X.3.7) since Opener came out. Those updates closed the vulnerabilities exploited by Opener.
The Mac OS has been designed, from the ground up, with security firmly in mind. I'm sure that more spyware will be written for the Mac, but the difference in terms of security problems between the Mac OS and Windows XP is laughable .... 7000 viruses for windows, 2 for the Mac OS. I'll gladly take a 3500 to 1 ratio any day of the week!
Strange that Gary always pings me with what he thinks is "bad news" for the Mac OS, but never when there's bad news or viruses for the Windows XP platform. But ... of course ... if he were to ping me every time a new virus comes out for Windows XP, he'd be pinging me all day and all night long, 7 days a week. :)
4 posted on 01/27/2005 6:11:19 PM PST by TexasGreg ("Democrats Piss Me Off")
To: Bush2000
In the three months since this article was published, there have been only a couple of reports of it being found - probably because the users did not use good passwords. It is not a virus or a worm, but more of a trojan horse that could be installed manually.
Apple corrected the vulnerability with the 10.3.7 automatic update.
5 posted on 01/27/2005 6:11:54 PM PST by HAL9000 (Spreading terrorist beheading propaganda videos is an Act of Treason!)
To: Bush2000
This can't be true, MACS and Linux are immune to these types of attacks.
6 posted on 01/27/2005 6:12:21 PM PST by unixfox (Close the borders, problems solved!)
To: TexasGreg
The Mac OS has been designed, from the ground up, with security firmly in mind.
Oh, give it a rest. OS X is just as vulnerable as any other OS.
7 posted on 01/27/2005 11:40:49 PM PST by Bush2000
To: Bush2000
Oh, give it a rest. OS X is just as vulnerable as any other OS.
Hardly.
Firstly, Mac OS X is built upon a Unix core, which is inherently superior to the Classic Mac OS as well as the DOS base of the Windows OSes prior to XP. Hence, based upon this, it is LESS intrinsically vulnerable than WindowsMe, Windows98, etc.
Secondly, Mac OS X's shells, which are built on top of the core, are designed with security in mind in ways that even XP is not. I don't think it is possible to *install* ANYTHING on Mac OS X without explicit user authorization. Anytime my computer attempts an automatic update to my OS or to any of the applications I have on my computer, I have to authorize EACH download and, then, EACH install, through the repeated individual input of my passcode. IF I were to activate my root user feature, I would become more vulnerable to someone monkeying with my OS, but I'm not that stupid ... I'm certainly NOT going to leave "root user" active, even if I periodically activate it to make some precise, critical change to the OS, that cannot be made with just Administrator permissions active.
Thirdly, as a matter of practical concern, the Mac OS does not have nearly as many wackos writing viruses for it because, to put it simply, there are not as many Macs in use as Windows-based PCs. Fewer targets means fewer people trying to shoot at them and fewer fish in the barrel to try and hit. HOWEVER, that is beginning to change -- particularly when one combines US and International sales.
But, even with this third condition, one would think that there are enough Mac-haters out there who are so wacked-out with disgust for anything Macin"trash" that there should be a noticeable number of them trying to harm the Mac OS, Apple Sales, and Mac Users. There SHOULD be a few dozen, or perhaps more, potential viruses, malware, Trojan Horses, etc. Where are they? They don't exist. But, given the heated emotions on this subject, there SHOULD be a whole bunch of them. Based upon some of the email I've gotten from some who have tried to write viruses, as well as from friends who write legitimate software for the Mac OS and other platforms, I suspect that a whole bunch have tried to write such viruses ... tried and failed.
Finally, as the Mac OS X base continues to grow in user-numbers, it is entirely conceivable that enough wacked-out software authors will attempt to write viruses that some will, eventually, become successful. I don't doubt that, eventually, there will be some around.
8 posted on 01/28/2005 9:19:07 AM PST by TexasGreg ("Democrats Piss Me Off")
To: TexasGreg
Firstly, Mac OS X is built upon a Unix core, which is inherently superior to the Classic Mac OS as well as the DOS base of the Windows OSes prior to XP. Hence, based upon this, it is LESS intrinsically vulnerable than WindowsMe, Windows98, etc.
You're high. Seriously high, if you actually believe the crap that you write.
9 posted on 01/29/2005 10:58:50 AM PST by Bush2000
To: TexasGreg
Read this article. You're in desperate need of education.
10 posted on 01/29/2005 11:39:06 AM PST by Bush2000
To: Bush2000
Dredging up from the past, aren't we? That's 8-month old news ... and news about OS X.2 ... we're at X.3.7 right now. There have been MANY advances, security upgrades, and security patches from Apple since then. Indeed, even back then, when they rated it they rated the UNPATCHED version ... while the WindowsXP they were rating had 20 of the 80 patches then-available. So, it wasn't even close to being an equivalent comparison.
In short ... YOU are the one in DESPERATE need of education.
11 posted on 01/31/2005 2:26:04 PM PST by TexasGreg ("Democrats Piss Me Off")
To: Bush2000
oh, but Macs are invincible
12 posted on 01/31/2005 2:30:36 PM PST by rwfromkansas ("War is an ugly thing, but...the decayed feeling...which thinks nothing worth war, is worse." -Mill)