New Mac Trojan Proves There's No Such Thing as a Malware-Proof Platform

By Wayne Rash  |  Posted 2011-10-26

We've been hearing the stories for years about how Apple's Macintosh is immune to malware. For years I've heard the smug claims from Mac owners about how it's too bad that Windows users have to load their computers with antivirus software to be safe, but Mac owners don't. For years I've known it was only a matter of time.

So let's say it right now. There's no such thing as a malware-proof platform, especially if that platform is somehow connected to the outside world. But even networks isolated from the Internet are no longer immune, as the victims of the Stuxnet worm can attest. The fact is, the Macintosh platform is highly vulnerable, especially since relatively few Macintosh users buy and use security software.

So when security company Sophos revealed on Oct. 25 that a new backdoor infection named Tsunami had been detected in the wild, I wasn't surprised. I mostly wondered what took so long.

The reality, of course, is that malware writers look at market share when they're creating their payloads, and Windows gives them the biggest bang for the buck. But the Mac is growing in market share, so it's now worth some attention. This is made more tempting to malware writers by the fact that relatively few Macintosh computers are protected against malware, so it's a very soft target.

So, Mac users, your time has come. You're going to have to plunk down the money and deal with the lost CPU cycles like everyone else, unless you want some botmaster in Lithuania to own your machine. But, of course, it's not just Macs. For too long device owners have taken few if any precautions against malware except on Windows computers. Owners of other devices, whether they're running Linux or BSD or some other Unix-like OS, have assumed that they have no exposure to malware.

And the mobile market is even worse. Ask yourself what kind of protection you have for your BlackBerry or your Android device or your iPad or iPhone. Chances are, the answer is none. While there has been some movement in the Android world after apps in the Android Marketplace were found to contain malware, relatively few Android devices are delivered with anti-malware apps. Worse, the companies selling such apps aren't reporting huge sales, and that's too bad.

Meanwhile, the Apple App Store and BlackBerry AppWorld are tightly controlled, so owners tend to assume that they don't have to worry about malware-infected apps showing up on their devices, and in that sense, they're correct.

It's Time for Mac Owners to Invest in Antivirus Software


But malware doesn't need to be delivered in an app to infect your device. As is the case with Windows machines, malware can be delivered in email attachments, images from the Web and anyplace else where binary content is opened on a device. If your BlackBerry malware arrives in an infected attachment, it's still malware, and your device is still infected.

But the Mac isn't the only soft target out there. In fact, given the success of the iOS platform, the relatively small amount of attention is a little surprising. Even more surprising is the fact that until recently, Apple resisted allowing AV vendors to sell anti-malware apps through the App Store. That's changed, but the view of owners that they're somehow immune hasn't.

So the time has come for a reality check. If you have an unprotected platform of any kind, you're subject to attack. As Windows machines get better and better protection, and as Windows users finally get a clue about avoiding malware, the bad guys will focus on easier targets. That means you.

This also means that you will need to start taking the precautions that people with Windows computers have been taking for years. Those precautions include being careful what Websites you visit, being careful about opening email attachments and being careful about viewing images where you don't know the source.

At this point, you have time. Relatively few malware creators have focused on the mobile environment just yet, and relatively few are targeting Linux and Macintosh platforms, but they will. Those platforms are currently really easy pickings, and that's what the bad guys love. As the relative market share (compared with Windows computers) increases, the amount of malware targeting those platforms will also increase.

This means, among other things, that it's time for you to start investigating security software for all of your platforms, not just the ones running Windows. This is actually pretty easy to do just by searching for "Security" in whatever app market you use. In the enterprise, it's even easier since many enterprise security packages already cover mobile devices either as part of the basic package or as an option.

But the bottom line, Mac users, is that your free ride is over. The bad guys of malware have you in their sights, and you can find out just how frustrating it is to have your machine taken away from you and made part of a botnet. Fortunately, it's only one really bad Trojan so far. But there will be more.
