Proof of concept for the cross-platform malware is available

Sep 27, 2007 15:30 GMT

One reason the Linux and Mac OS X platforms are perceived as secure by default is a virtually nonexistent threat environment. Actual code quality and the number of security vulnerabilities are anodyne aspects of the security equation if there is no malicious code designed to exploit security flaws. The number of attacks and the volume of malware created for a specific piece of software are, on the other hand, factors that contribute decisively to delivering a true measure of security. Being the most attacked operating system in the world due to its ubiquity, Windows is also perceived as delivering the lowest standard for security.

Because targeting Windows is the equivalent of shooting fish in a barrel, Mac OS X, Linux and, more recently, Windows Vista are somewhat ignored by attackers and malware authors due to their obscure market share. At the beginning of 2007, security company Kaspersky warned of a tendency in the threat environment to migrate to alternative platforms. Sophos offered an insight into such a possibility with Mal/Fallblo-A, a worm designed to run on both Windows and UNIX.

"We were sent a sample this week written by a self-pronounced 'Whitehat Hacker' for a worm written using the .NET framework, that we're detecting as Mal/Fallblo-A. What makes this malware unusual is its intention to be able to run on any platform that supports .NET, including both Windows- and Unix-based systems. In this case the worm attempts to send itself via email, and in fact will choose the message characteristics based on the language of your system, the language of the recipient's email address, the platform you are running, and whether or not it believes you to be a 'professional' or an 'average' user (based on the software you have installed)," revealed Richard, security expert with SophosLabs Canada.

Mal/Fallblo-A is a worm that spreads via email attachments, comes with its very own emailing engine, and will jump from Windows to UNIX without any problems. Sophos considers the worm harmless and estimates that there is no actual possibility of a Windows/UNIX epidemic. The most relevant detail about Mal/Fallblo-A is the fact that the worm could be customized to affect not only Windows and UNIX, but also Linux and Mac OS X. "Despite the author announcing this malware publicly and providing the source code and binaries, it's unlikely that we'll be seeing Mal/Fallblo-A 'in the wild'. It does however make a point about the possibility for cross-platform malware, and once again raises the issue of 'responsible disclosure', or in this case the lack thereof," Cohen added.