[LINK] Mac porn hackers lay booby trap
brd at iimetro.com.au
Mon Jun 15 21:00:55 EST 2009
Mac porn hackers lay booby trap
June 15, 2009 - 11:53AM
Security experts have discovered two new pieces of malware targeting
Apple computers, putting paid to the company's claims that Mac users do
not have to worry about viruses and security software.
The attacks - dubbed OSX/Tored-A and OSX/Jahlav-C - were discovered in
email messages and on popular internet porn sites. The porn site attack
directs users to download a "missing Video ActiveX Object" in order to
view a pornographic film, but instead victims are hit with a virus
enabling attackers to control their computer.
Graham Cluley, a computer security expert with Sophos, which discovered
one of the attacks, said Mac users had become complacent after years of
not having to worry about malware threats.
"As we've demonstrated before, and as we'll no doubt explain again, the
Mac malware threat is real," he said.
"Hackers are deliberately planting malicious code on websites, and using
social engineering tricks to fool you into installing it onto your
Last year, Apple updated one of its support advisories, recommending
customers run anti-virus software. After a torrent of negative online
articles about the issue, Apple removed that page, arguing that Macs
provide protection against security threats right out of the box.
Ira Winkler, president of the US Internet Security Advisors Group, wrote
in a recent article that Apple should be investigated by US authorities
for claiming in advertisements that Windows PCs are vulnerable to
viruses and Macs are not.
He noted Apple had not issued an update to plug a serious Mac software
hole six months after the hole and a fix were discovered.
"How can Apple get away with this blatant disregard for security?" he said.
"Its advertising claims seem comparable to an automobile manufacturer
implying that its cars are completely safe and its competitors' cars are
death traps, when we all know that all cars are inherently unsafe."
Winkler said although cyber criminals targeted Windows far more than
Macs due to the greater number of potential victims, Apple could no
longer rely on "security through obscurity".
Earlier this month, security consultant Rich Mogull wrote on his blog
that Apple was struggling to protect users against malware and other
online threats. He suggested a number of improvements such as appointing
a chief security officer and establishing a security response team.
"Based on a variety of sources, we know that Apple does not have a
formal security program, and as such fails to catch vulnerabilities that
would otherwise be prevented before product releases," he wrote.
On a website devoted to security features of the next update to its Mac
OS X operating system, Snow Leopard, Apple says built-in technologies
provide malware protection out of the box, but advises "antivirus
software may offer additional protection".
Cluley did not believe Apple was being honest with that description:
"Seeing as the [porn site] attack ... is not taking advantage of any OS
vulnerabilities and just exploiting human weakness, I think Apple would
be wise to change that 'may' to a 'will definitely'."