We're still on the safe side for now, though

Jul 24, 2008 14:22 GMT

Graham Cluley, Senior Technology Consultant for renowned security firm Sophos, says that with Apple's rapidly growing market share (now at 8.5 percent) and sales of around 2.5 million Macs in the last quarter, recent Mac switchers are sitting ducks for "profit-minded cybercriminals," as a Chron report reveals.

"It's still a drop in the ocean compared to Windows vulnerabilities, but [Mac vulnerabilities] have become more sophisticated and more criminally minded, rather than just proof of concept," said Graham Cluley of Sophos. He also notes that bad computing habits have brought viruses to Windows. The newcomers who are now switching platforms may very well be the reason Macs will get infected as well, the tech consultant believes.

"The company reports today that two new Mac-ware Trojans that emerged in February and June ought to shake Mac users of their misconceptions that their computers (and, eventually, iPods and iPhones) are impenetrable. To put this in perspective, the first really pernicious piece of Mac malware emerged only in October, 2007," Mr. Cluley added, according to the aforementioned source, "suggesting that a worrisome trend is about to get worse."

So what exactly are we talking about here? Obviously, the Trojan found last month that can take advantage of Apple's Remote Desktop Agent. The vulnerability allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5. Apple has let the vulnerability "slip," while some reports claimed the Mac maker was busy working on a patch (no word on that yet).

"If the modus operandi sounds familiar, that's because a lot of the same virus gangs who perfected their exploits on Windows machines are now tweaking them for Macs," Mr. Cluley warns the Mac userbase.

According to Sophos' technology consultant, the Trojan is capable of the following:

- disable system logging and delete system log files;

- start PHPShell and web server;

- start ARD, VNC and SSH services;

- disable system updates;

- open ports in the firewall;

- disable third party security software;

- install LogKext keylogger;

- steal various password hashes and keys which may be used to compromise other systems.

The report notes that OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.

The flaw has been in the news since June. To this day, Apple hasn't released an official patch for the Remote Desktop Agent vulnerability. However, a couple of code-savvy blokes (not Apple employees) have released one of their own. The free patch is simple to install and run, and simple in what it does: it restricts ARDAgent to the basic AppleScript dictionaries, preventing the use of the "do shell script" command.

After downloading and installing the patch, Ben, one of our readers, wrote: "Seems to work perfectly, I was worried about Remote Desktop not working after the patch, but I now say that it does! It works, and it's great!"

So, how close do you think we are to a slew of viruses threatening Macs?