By Mike Musgrove and Brian Krebs
Washington Post Staff Writers
Friday, February 17, 2006
A rare piece of malicious software targeting Apple's Mac OS X operating system -- instead of the more common victim, Microsoft Windows -- has been spotted online and appears to be spreading. Like many computer viruses, the bug lures people to click on it by posing as something else, in this case a file containing a picture of the next-generation Apple operating system.
The malicious software causes computer programs to crash and transmits itself through an instant message program for the Mac called iChat. To get infected, users must download the file, called "latestpics.tgz," and install it on their computer. Infected computers will then automatically attempt to send the program to all contacts on the infected user's "buddy list."
Mac users typically have not had to worry about the computer worms and viruses that regularly hit the Windows-using world. It's a regular debate among techies whether this is because the Mac operating system is inherently more secure or whether computer hackers simply do not bother attacking an operating system that is not widespread. Apple Computer Inc. has less than 5 percent of the U.S. computer market.
Apple released a statement yesterday warning users to download files from only companies they have confidence in. "Apple always advises Macintosh users to only accept files from vendors and Web sites that they know and trust," read the statement. Apple's Web site yesterday afternoon did not appear to give Mac users any notice of the bug, and a spokesman was uncertain whether the company would update its operating system in response to this specific threat.
One software expert who examined the bug's code yesterday downplayed its author's programming abilities as "lame."
"Whoever wrote this isn't particularly skillful," said Andrew Welch, president of Ambrosia Software Inc., a firm that develops programs for Macs. "It's not a very viral virus, I'll put it that way."
Welch examined the code and tested it on a few computers. He said the "malware" failed to work on most of the machines he tried to infect with it.
Computer security researchers agreed that the threat level posed by this bug is relatively low but said the malicious software could inspire more potent copycats and mark a new era of threats for previously secure Mac users.
Vincent Weafer, senior director of Symantec Corp. security response, called the bug "a proof of concept."
"Many Mac users feel they don't have to worry about viruses and following security best practices," he said. "I think we're absolutely likely to see a lot more attacks."
Krebs is a staff writer for washingtonpost.com.