In the last few days, there's been a great deal of publicity about the discovery of the world's first Mac botnet. When Mac users downloaded a pirated copy of iLife, their machines were taken over by a Trojan. At that point, according to Symantec experts Andy Cianciotto and Angela Thigpen:
"When the Trojanized installer is executed, it also runs the malicious program iworkservices. The Trojan, OSX.Iservice, targets the Mac OS and is compiled as a Mach-O multi-architecture binary. This allows the Trojan to run natively on both PowerPC and x86 architectures.
The Trojan acts as a back door and opens a port on the local host for connections. It then attempts to connect to the following remote hosts:"
Symantec notes, in its description of the Trojan, that the threat of being infected by this malware is low. Still, the mere fact of its existence, and of a botnet run by it, shows that the claims of Mac folks that Macs are invulnerable to attack are simply false.
If that news wasn't bad enough for Mac fans, the New York Times reports that security researcher Dino A. Dai Zovi claims that Macs are less secure than either Windows or Linux machines.
It's no idle claim; Dai Zovi won the Pwn2Own hacking contest in 2007, and is author of The Mac Hacker's Handbook.
He told the Times that
"I have found that Macs are less secure than their current Windows and Linux counterparts. At least for the last several years, Apple has lagged behind in security, largely because the threat hasn't been there."
He's not alone. Mac security expert Rich Mogull told the Times the same thing. The most recent versions of Mac OS X are "inherently less secure than the latest versions of Windows," he told the newspaper. Mogull says that several years ago Mac OS X was more secure than Windows because it has a UNIX foundation. But new kinds of attacks mean that "all the Unix protections can be circumvented."
So for those in the Mac community who believe the Mac is invulnerable, there's this simple message: You're living in the past.