New Mac Trojan Proves There's No Such Thing as a Malware-Proof Platform

By Wayne Rash  |  Posted 2011-10-26

News Analysis: Hackers have rewritten old Linux code to create a Trojan called Tsunami that attacks Apple Mac OS X computers. It's time to accept the fact that any operating system can be attacked by malware.

We've been hearing the stories for years about how Apple's Macintosh is immune to malware. For years I've heard the smug claims from Mac owners about how it's too bad that Windows users have to load their computers with antivirus software to be safe, but Mac owners don't. For years I've known it was only a matter of time.

So let's say it right now. There's no such thing as a malware-proof platform, especially if that platform is somehow connected to the outside world. But even networks isolated from the Internet are no longer immune, as the victims of the Stuxnet worm can attest. The fact is the Macintosh platform is highly vulnerable, especially since relatively few Macintosh users buy and use security software.

So when security company Sophos revealed on Oct. 25 that a new backdoor infection named Tsunami had been detected in the wild, I wasn't surprised. I mostly wondered what took so long.

The reality, of course, is that malware writers look at market share when they're creating their payloads, and Windows gives them the biggest bang for the buck. But the Mac is growing in market share, so it's now worth some attention. This is made more tempting to malware writers by the fact that relatively few Macintosh computers are protected against malware, so it's a very soft target.

So, Mac users, your time has come. You're going to have to plunk down the money and deal with the lost CPU cycles like everyone else, unless you want some botmaster in Lithuania to own your machine. But, of course, it's not just Macs. For too long device owners have taken few if any precautions against malware except on Windows computers. Owners of other devices, whether they're running Linux or BSD or some other Unix-like OS, have assumed that they have no exposure to malware.

And the mobile market is even worse. Ask yourself what kind of protection you have for your BlackBerry or your Android device or your iPad or iPhone. Chances are, the answer is none. While there has been some movement in the Android world after apps in the Android Marketplace were found to contain malware, relatively few Android devices are delivered with anti-malware apps. Worse, the companies selling such apps aren't reporting huge sales, and that's too bad.

Meanwhile, the Apple App Store and BlackBerry AppWorld are tightly controlled, so owners tend to assume that they don't have to worry about malware-infected apps showing up on their devices, and in that sense, they're correct.

Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
