View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
February 19, 2006

Malware, Apple style

Apple Computer Inc's Mac OS X has been targeted by malware writers for the first time, with two pieces of malicious code designed for the operating system appearing in as many days late last week.

By CBR Staff Writer

The first, known as Leap, is either a worm or a Trojan, depending on whose definitions you want to believe. It spreads via the iChat instant messaging network, but requires the user to download, extract and execute it before it can do any harm.

As such, it is expected to not spread very quickly or very far. Apple users may not be accustomed to receiving malware via iChat, but they’re not generally stupid.

Once installed, Leap hooks itself into the iChat program, so that whenever anyone on the infected user’s buddy list changes her status, it attempts to spread itself to that user. It also replaces recently used executables with a copy of itself.

The second program, known as Inqtana, spreads via a known vulnerability in Mac OS X 10.4’s implementation of the Bluetooth stack.

The vulnerability evades security precautions in the software, enabling files to be written outside the designated folder. It was discovered and patched last May, and has the common vulnerability and exposure reference CVE-2005-1333.

Inqtana itself is a proof-of-concept worm, meaning it is not known to be in the wild. It has no overtly malicious payload. It just spreads itself.

It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows or Unix-based operating systems, and that Mac users have escaped unscathed largely because bad actors choose to ignore them.

Content from our partners
Five key challenges facing the fashion industry
<strong>How to get the best of both worlds in the hybrid cloud</strong>
The key to good corporate cybersecurity is defence in depth

These two programs seem to prove that hypothesis.

Whether or not the existence of this malware should be taken as evidence that Apple computers are gaining mind or market share in a broader sense is a matter of interpretation, although it certainly is a possibility.

What is less doubtful is that the social engineering used, if not to spread Leap then at least to seed it, played on the Mac users’ own peculiar brand of fandom, as well as Apple’s own overly secretive corporate nature.

Leap was seeded to the MacRumors web site purporting to be an archive of screen-grabs of an unreleased update to the operating system. It’s difficult to imagine that technique working with Windows users.

That said, it’s not a particularly sophisticated social attack, hearkening back to simplistic highly effective engineering used in the I Love You and Kournikova worms that hit Windows users in the late 1990s.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.