Mac Trojan Set Loose—More to Come?

A malicious Trojan for Mac OS X purports to be a version of Office 2004 for Mac; is the platform on the verge of increased attention from virus writers?

The first malicious Trojan for Mac OS X has been found in the wild, leading some to claim the platform may be on the verge of increased attention from virus writers. The Trojan—dubbed AS.MW2004.Trojan by anti-virus company Intego—was first discovered by a reader of British Mac magazine MacWorld. It takes the form of a file purporting to be a version of the newly released Office 2004 for Mac and is available on download services such as LimeWire. However, despite appearing with a legitimate-looking icon, the Trojan is in fact a simple AppleScript application that, when run, erases the contents of the users Home folder. And, unlike the real release of Office 2004, the application is only 108KB in size. For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog. After being alerted to the existence of the Trojan, Microsoft Corp. issued a statement saying, "Microsoft does not currently offer any Web downloads for Office 2004. When looking for product enhancements from Microsoft customers should always download from www.microsoft.com/mac or use the new auto-update tool in Microsoft Office 2004 for Mac." And Apple Computer Inc. was quick to respond, seeking to reassure Mac users concerned over the potential of the Trojan. "This is not a virus, does not propagate itself and has only been found on a peer-to-peer network," said a company spokesman. "This is an example of the perils of seeking illegal software." This view of AS.MW2004.Trojan was backed by Denis Zenkin, head of corporate communications at anti-virus vendor Kaspersky Labs. "It is definitely not a virus because it has no ability for infecting other files. Ability to propagate is a feature inherent to other types of malicious programs—worms," he said. However, some commentators said Mac users should not become complacent. "A small number of virus writers are showing an increased interest in Unix, and there have been Unix worms that have spread in the wild," said Graham Cluley, senior technology consultant at anti-virus company Sophos. "For this reason Mac OS X users should not think they have nothing to worry about moving into the future." Could a worm on Mac or Linux ever get traction? Read Larry Seltzers column. Zenkin, though, downplayed the Macs potential as a future virus target: "We believe there are three conditions for malware to exist within an operating environment," he said. "Firstly, it should be widespread in order to cover a number of virus writers. Secondly, it should be well-documented and provide easy-to-use tools for development of user applications. Thirdly, it should not be well-protected. With Mac OS X, the first condition is not really fulfilled—this operating system is mainly used by professionals who have more important things to do than creating viruses. So we do not expect Mac OS to be a platform for future virus development." Check out eWEEK.coms Macintosh Center at http://macintosh.eweek.com for the latest in news, reviews and analysis about Apple in the enterprise.
Be sure to add our eWEEK.com Macintosh news feed to your RSS newsreader or My Yahoo page: