OS X Malware: How’s this for “Openers?”

By on November 1, 2004

Lots of discussion on MacInTouch the last few days regarding the Opener malware that’s been caught in the wild recently:

Our take on the whole thing is that it’s a Macintosh security wake-up call but not yet an immediate, widespread threat. The two most disturbing aspects are that malware apparently has gotten onto a few Mac systems and that it’s pretty tricky stuff.

There’s a long-term concern that this could grow into a larger problem, if we’re not careful or if an ambitious “bad guy” finds a new security hole or works hard enough to target the Mac platform.

In the short term, we need to nail down the best possible security practices (which are coming out of this discussion), and we need to define a secure set of tools and procedures for identifying and eliminating this particular threat (e.g. creating a bootable DVD from Apple installation discs in a clean environment that can’t be infected in the process).

We also need to identify the source of the few infections we’ve seen. Did the malware get in through open network ports, through peer-to-peer file-sharing downloads, via physical access to the computer, or through some other vector?

No clear word on how this bug is propagated, but there are some good tools coming out to protect systems from Opener. Could this be the beginning of the end of the smug satisfaction that Mac users have enjoyed for so long when it comes to security?

It makes me wonder anew about the hows and whys behind viruses, worms, and trojans. I don’t recall reading much on the web or elsewhere about that, other than attributing the problem to a few malicious hackers trying to make a name for themselves. Other than that there seems to be little motivation for people to do it other than the perverted joy it might bring them to see millions of other people squirm.

But there can only be so much satisfaction in that, so I’ve got to wonder if there is money involved, and where it comes from. And that leads to the question of who benefits most from the proliferation of computer bugs… Follow the money, and it leads back to the publishers of anti-virus software, who benefit from unending subscriptions to their services and a growing dependency on those services. Think of a mob protection scam; pay your “insurance” and they make sure that nothing bad happens to you.

Maybe it’s just the Perry Noid in me, but you gotta wonder.

Gadgetopia

Comments

  1. The money train from viruses doesn’t lead back to anti-virus firms, it leads back to spammers. Trojans were mostly hackers’ toys until someone figured out that armies of ‘zombie’ machines could be used to send spam without those nasty bandwidth charges, and without much traceability.

    I’ve never heard of a reported case, but it wouldn’t surprise me at all to hear that hackers are being paid to perform DDoS attacks as well.

  2. Sanford Wallace — the infamous Spam King — got busted a few weeks ago for infecting machines with spyware then offering a tool to fix it for $30, so there’s precedent.

  3. That’s right; and there was the guy — in Europe somewhere — who wrote a virus, and said he did it to help his mom’s anti-virus software company get off the ground.

    But it still begs the question, are these few instances just small-timers trying to do what the big dogs are already doing? And who is funding the big dogs?

    “it wouldn’t surprise me at all to hear that hackers are being paid to perform DDoS attacks as well.”

    And I guess it goes back to the stupid, gullible few who actually respond to the spam messages they get. The boneheads. They are the 0.01 percent that the spammers hope to hook by sending out untold millions of messages.

    I dunno; I guess it wouldn’t surprise me if one day a connection is made between Symantec or Virex and a professional hacker creating new bugs.

  4. Actually, Symantec and Norton would be more productive by putting people like me on their payroll to dissuade people from buying Macs, and get them to buy PCs instead. That would do more to keep their business running than any individual virus.

  5. On a techno psycho perspective, I worked with a guy at a large computer manufacturer who created viruses because he had a god complex. He believed viruses were his “creation” and made him equal with god because he could create something from nothing.

  6. Slashdot is reporting this today, which is somewhat related:

    http://www.eweek.com/article2/0,1759,1706659,00.asp

    “[…] anti-spyware vendor Aluria Software has partnered with WhenU of ‘WhenUSave’ and ‘SaveNow’ infamy. They’ve removed WhenU from their spyware/malware definition lists, certified their applications as safe, and they deny that money was involved.”

    You’re only spyware, it seems, until you can pay enough to get re-classified.

  7. “He believed viruses were his “creation” and made him equal with god because he could create something from nothing.”

    I’d associate him with a deity that dwells well south of God.

    Anyway, I create something from nothing all the time. The only difference between him and me is that I flush afterwards.
