
So, the day for the first Mac virus has come! :(

Ivan's picture

From New Scientist

Worm targets Mac's latest operating system

11:17 26 October 04

The discovery of malicious computer code designed to attack Apple’s latest operating system has shaken Macintosh users, and bucked the trend of virus writers targeting only Microsoft software.

“I'm now actually a bit spooked,” wrote Chris Waldrip, president of the US-based Atlanta Macintosh Users Group, on the Macintouch.com website.

“Many people using Macs think malware is just a Windows problem but that’s clearly not true,” says Graham Cluley, a consultant at anti-virus software vendor Sophos.

A vulnerability was discovered in OS X in May and at that time a security expert wrote a program that exploited it as a demonstration. But the newly-discovered code is one of the first instances of code written with malicious intent.

Like many Windows viruses, the malware, called “Opener” or “Renepo” (Opener backwards), scours files on an infected computer for passwords. Any found are copied to a hidden file which is accessible to remote hackers.

It also switches off security features such as firewalls and installs key-logging software that records a user’s keystrokes, which could include credit card numbers, say anti-virus vendors Sophos and Symantec. The virus only attacks Apple’s OS X operating system.

Viral contagion

However, unlike the most devastating Windows viruses - such as SoBig and MyDoom - it does not propagate through email and a bug in its code prevents it from automatically spreading from one machine to another, as intended by its designers. “It’s more of a concept virus,” says Johannes Ullrich at the SANS Internet Storm Center in Quincy, Massachusetts, US.

Even if the malware was capable of spreading itself, it would still have only limited success, says Cluley. The architecture of OS X means that Opener only infects machines with "administrator privileges", which means they are configured so the owner has the power to change almost any of the settings. This would be rare in a corporate setting, but not in the home user market, Cluley says.

“Opener is not going to spread, but it is more of a wake-up call for those people who might be a little complacent,” he says.

Until now, virus writers have rarely written viruses for Macs, probably because the Apple computers are few in number compared to PCs. It is also harder to disguise malicious executable files as benign in Mac email programmes than it is within Windows-based ones.

Command line

But Macs are gaining in popularity, making them more attractive targets, and this could spawn more devious ways of spreading viruses: “People think it is not as easy to write a good Mac virus, but it may just be that people have not tried hard enough,” says Ullrich.

Perhaps even worse is that OS X, first released in 2001, may have made it easier for hackers to write viruses for Macs, according to Richard Forno, an independent security consultant based in Washington DC.

Its predecessor, OS 9, did not allow users to "drill deep into the operating system" and change things, like modifying applications or switching mail servers on and off, says Forno. But OS X is based on the Unix operating system, as is Linux, and appeals to technically-minded users precisely because it offers the option to program the Mac through a special window called the “command line”.

“If you are a geek you love the command line,” explains Forno. The problem, he says, is that this feature could make it easier for malicious programmers to program Macs for nefarious purposes.

pompo's picture

I've read everywhere this is all bulls**t propaganda from Sophos to sell the antivirus soft. The thing doesn't spread and ya have to manually install it!! :lol:

Ivan's picture

i see. another FAKE! how many times can these companies get away with this same joke? it's been at least the fifth first virus for OS X.

apparently you have to authenticate before installing this virus. :D

I got the first Mac OS X virus:

if you open Terminal and type rm mysuser a malicious code will delete my user! beware OS X users!!

pompo's picture

http://db.tidbits.com/getbits.acgi?tbart=07862

Over the last few days, news of a malicious shell script known as "Opener" has appeared on MacInTouch, and several news organizations picking up the report have incorrectly started calling it a virus.

It's not a virus, and frankly, it's not even that big of a concern.

Opener is a shell script that, if installed and activated on a Mac, turns on file sharing and remote login, disables the firewall, extracts passwords, creates an admin-level user, installs a password sniffer, and more. That sounds bad, but Opener can't do any of these things unless someone with an administrator password or physical access to the Mac installs and runs it. More to the point, if someone has your administrator password or physical access to your Mac, Opener is just one of many possible worries.
