Apple systems hit by attacks

[BERIGAN]

Apple systems hit by attacks

Two apparently unrelated viruses spottted in two days

Richard J. Dalton Jr. / Newsday

Advertisement

Printer friendly version

Comment on this story

Send this story to a friend

Get Home Delivery

A worm is waiting to slither into the Apple and another is already crawling around, the first computer worms designed to attack Apple's newest operating system, Macintosh OS X.

The worms -- computer viruses that self-propagate -- are significant because Apple's Macintosh computers have been viewed as more secure than PCs running Microsoft Windows.

The Inqtana virus, discovered Friday, spreads via the Bluetooth wireless capability. But Apple has already fixed the security hole that Inqtana seeks to exploit.

The OSX/Leap-A virus, detected Thursday on a forum popular among Mac users, spreads via instant messaging once a user downloads and installs it. There's no vulnerability that can be fixed to stop Leap-A; users just shouldn't download files from unknown sources, experts said.

"Apple always advises Macintosh users to only accept files from Web sites they know and trust," an Apple spokesman said.

The viruses appear to be innocuous, defined as level 1 by Symantec, an information security company that makes anti-virus software, with level 5 the most severe.

Two apparently unrelated Apple viruses in two days could portend more attacks, experts said.

"It's sort of a wake-up call for Apple users," said Johannes Ullrich, chief technology officer of the Internet Storm Center, an early-warning service for malicious computer attacks. "Everybody focuses on Windows, but there are viruses for other operating systems."

Apple's move to the Intel chip could further jeopardize Macintosh computers because virus writers have had years of experience writing malicious code exploiting the chip's vulnerabilities, said Dean Turner, senior manager for Symantec Security Response.

While Apple computers are "much, much safer than Windows," some Macintosh users are in denial that the system is vulnerable, said Graham Cluley, senior technology consultant for Sophos, a computer security company with U.S. headquarters in Boston. "Some of them have to take their heads out of the sand a bit."

http://www.detnews.com/apps/pbcs.dll/artic.../602180368/1013

[Jim Dye]

Mac Attack a Load of Crap

Commentary by Leander Kahney | Also by this reporter

02:00 AM Feb, 22, 2006

Is the sky falling in on our smug little Mac universe?

On Tuesday, there was news of a security hole in Apple's Safari web browser that allows a system to be compromised by merely visiting a website. And last week, the first worm to pose a serious threat to Mac OS X, Leap-A or Oompa Loompa, raised its ugly little head.

These security woes prompted a rant from one of our editors in a daily story meeting.

Mac security-threat stories are annoying, he said, because they play off misconceptions -- held with a fervor bordering on the religious -- that the Mac platform is inherently more secure than Windows. Not so, he insisted. Microsoft has done some stupid things that exposed its customers to unnecessary risks compared to Mac users. But all systems are theoretically vulnerable, so it's inevitable that the Mac citadel will eventually be breached.

The Mac has had no viruses to date, he said, primarily because of its small market share. It's got a superior track record compared to Windows, but it's not invulnerable; rather, no one has bothered to spend much time trying to attack it. Now that hackers are taking more notice, life will get harder for Mac owners. He suggested I tackle this "wake up call" in this column.

Naturally, I agreed. "You're right," I said. "The Mac is sure to become a target now it is becoming more popular, and by definition, no system is 100 percent secure."

So, imagine his reaction when he sees this:

I'm not going to be running any anti-virus software anytime soon, just as I haven't run it for many years.

Also, I'm not going to turn off any preferences that make my daily computing habits any less convenient (the browser takeover is protected against by disabling the "Open safe files after downloading" preference in Safari).

The smuggest of smug Mac users is right: the platform is more secure, and these new security threats are no more threatening that a paraplegic kitten.

The Leap-A malware was a poorly-programmed Trojan horse that relied on "social engineering," or trickery to perform its nasty function. There's a simple way to protect against this kind of threat -- common sense -- and in testament to this, a lot of people didn't fall for it.

I'm not going to catch a virus this way any more than I'm going to send money to the honorable Dr. Mobuntu, head of the Central Bank of Nigeria.

When it comes to Leap-A, I'll continue practicing the same common-sense precautions I take when using a Windows machine, like not opening any "nude pictures" of Britney Spears I get in e-mail.

As for the Safari hole, it's a vulnerability, not an exploit, and there are probably dozens of these in OS X, maybe more.

The same is true of Windows and other platforms -- there are dozens of potential ways in, according to the SANS Institute, but a vulnerability does not an exploit make.

These Mac security holes are a storm in a teacup. They've inspired hundreds of stories in the press and even the national network news, but if they were Windows holes, no one would have blinked.

That's because holes in Windows are routine, business as usual, while it now appears the Mac is under attack thanks to Apple's brand-new high profile. But this isn't the case.

Last month, there were four "massive" virus attacks on Windows, according to Commtouch, an antispam and antivirus vendor. Indeed, viruses are now so aggressive, they routinely outpace attempts by antivirus companies to distribute protective signatures.

This state of affairs is now so common, I hadn't noticed -- and I work for a technology news site. "Virulent computer virus infects millions worldwide, other non-news at 11."

These Mac "threats" are only news because of their novelty, not the threat level they pose.

I'm so confident in my Mac's security, here's my IP address in case any hackers want to take potshots at my machine....

Just kidding. I'm not that dumb.

[Kalo]

Interesting that this happens around the same time as the rumors about Mac abandoning its own OS and switching to Windows....

[Quincy]

Leap-A really was something of a joke. It required the admin password to activate, and then when it activated it didn't do much. It's really more of a trojan than a virus. And anytime a "virus" requires the admin password to do something, well, it kind of takes the sting out of it.

However, there is a more dangerous threat out there with Safari.

Arstechnica article

The workaround highlighted:

"Right now, the only workaround for Safari users is to uncheck the "Open 'safe' files after downloading" option in Safari preferences. Safari is the only Mac OS X browser affected, so users of Camino and Firefox as well as WebKit-using browser such as OmniWeb and Shiira are safe. Another option is moving Terminal out of /Applications/Utilities so that absolute paths inserted into scripts won't work."

[Jazzmoose]

I'm not going to catch a virus this way any more than I'm going to send money to the honorable Dr. Mobuntu, head of the Central Bank of Nigeria.

What's this about Dr. Mobuntu? I am currently involved in a...um..."business arrangement" with him; is there something I should know?

[AllenLowe]

he's asked me to act as a third party - I need your social security number, credit card number, and wife's phone number -