February 19, 2006

Malware, Apple style

Apple Computer Inc's Mac OS X has been targeted by malware writers for the first time, with two pieces of malicious code designed for the operating system appearing in as many days late last week.

By CBR Staff Writer

The first, known as Leap, is either a worm or a Trojan, depending on whose definitions you want to believe. It spreads via the iChat instant messaging network, but requires the user to download, extract and execute it before it can do any harm.

As such, it is expected to not spread very quickly or very far. Apple users may not be accustomed to receiving malware via iChat, but they’re not generally stupid.

Once installed, Leap hooks itself into the iChat program, so that whenever anyone on the infected user’s buddy list changes her status, it attempts to spread itself to that user. It also replaces recently used executables with a copy of itself.

The second program, known as Inqtana, spreads via a known vulnerability in Mac OS X 10.4’s implementation of the Bluetooth stack.

The vulnerability evades security precautions in the software, enabling files to be written outside the designated folder. It was discovered and patched last May, and has the Common Vulnerabilities and Exposures reference CVE-2005-1333.

Inqtana itself is a proof-of-concept worm, meaning it is not known to be in the wild. It has no overtly malicious payload. It just spreads itself.

It has always been accepted wisdom that Mac OS is just as vulnerable to malware as Windows or Unix-based operating systems, and that Mac users have escaped unscathed largely because bad actors choose to ignore them.

These two programs seem to prove that hypothesis.

Whether or not the existence of this malware should be taken as evidence that Apple computers are gaining mind or market share in a broader sense is a matter of interpretation, although it certainly is a possibility.

What is less doubtful is that the social engineering used, if not to spread Leap then at least to seed it, played on the Mac users’ own peculiar brand of fandom, as well as Apple’s own overly secretive corporate nature.

Leap was seeded to the MacRumors web site purporting to be an archive of screen-grabs of an unreleased update to the operating system. It’s difficult to imagine that technique working with Windows users.

That said, it’s not a particularly sophisticated social attack, hearkening back to the simplistic but highly effective engineering used in the I Love You and Kournikova worms that hit Windows users in the late 1990s.
