Jason Mick
Apple users had better stock up on protection: a new worm has been specifically tailored for Macs. (Source: GameSpot)
Will the recent round of Mac viruses finally end the falsehood that Macs are immune to viruses, a message Apple is happy to perpetuate in its commercials? (Source: CNN.com)
So much for Apple's being "immune" to worms
A curious falsehood has surrounded Mac computers over the last decade, as they have resurged onto the market. People believe that Macs are immune to the malware, viruses, and worms that have wrought havoc on PCs.
In reality, OS X is not much more or less secure than Windows Vista -- rather it is Apple's small market share that has protected it. Since Mac attacks would have to be custom-made, there just hasn't been much interest among Black Hats to attack them. Kevin Haley, a director of security response at Symantec, states, "The bad guys generally go toward the biggest target, what will get them the biggest bang for their buck."
However, with surging market share and pop icon status, Macs are suddenly finding themselves under attack. On the heels of Apple's announcement that customers should get an antivirus program, Apple has been attacked by what some are calling OS X's first official worm. The trojan, dubbed "iBotnet", has wormed its way into several thousand Macs. The virus is written specifically for Mac computers and does not affect Windows machines.
The new virus infects users’ computers via pirated copies of Mac software iWork, which have been floating around P2P networks. It was first reported in January, and unlike other worms, like the Conficker worm, is relatively harmless due to the small number of infected machines (precluding effective denial of service attacks).
States Paul Henry, a forensics and security analyst at Lumension Security in Arizona, "We all knew it was going to happen. It was just a matter of time, and, personally, I think we're going to see a lot more of it."
While the new worm is the first to only target Macs, it’s not the first botnet to consist of some Mac machines. Jose Nazario, a senior security researcher with Arbor Networks, states, "This isn't the first botnet that's been built using Mac computers. This is an interesting one in that it's a little more flexible and includes some new features. ... It's getting a lot of press mostly because it's Mac and people are talking about how Macs are immune to malware -- and, sure enough, they're not."
In a statement, Apple responds, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users."
Macs today account for approximately 7.4 percent of consumer computers in the U.S., according to Gartner, a leading market research firm. While, according to Gartner, these users on average are more affluent than PC owners, the unproven nature of Mac virus software (owing to their low market share in the 90s) has made Mac viruses still unexplored territory. However, that looks to be changing, and given Apple's slow rate of patching, it could be in trouble in the near future.
===================================
Here is a little more about this.
iWork '09 trojan infects at least 20,000 machines.
http://www.engadget.com/2009/01/22/iwork-0…hines/#comments
Pirated iWork '09 installer may contain trojan horse
in macworld.com
http://www.macworld.com/article/138380/iworktrojan.html
I didn't have iWork '09, but as I was reading, I found this and thought someone might need it.
See if you have it: look in /System/Library/StartupItems for an item named iWorkServices.
A copy-paste of ways to get rid of it, from Engadget user Aaron:
To those of you who pirated this software:
1. (open Terminal.app)
2. sudo su (enter password)
3. rm -r /System/Library/StartupItems/iWorkServices
4. rm /private/tmp/.iWorkServices
5. rm /usr/bin/iWorkServices
6. rm -r /Library/Receipts/iWorkServices.pkg
7. killall -9 iWorkServices
Most of all, don't execute anything that doesn't look legit. Just because something asks for your root password doesn't mean you should just blindly enter it.
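A read-only way to confirm which of the paths named in the steps above actually exist before anything is deleted as root. This is an added example, not part of the original post or of Aaron's steps; the function names and the optional ROOT prefix (for checking a mounted disk image or backup instead of the live system) are assumptions made here.

```shell
#!/bin/sh
# Read-only check for the iWorkServices artefacts listed in the removal steps.
# Nothing is deleted. ROOT is an assumption added for this example: pass nothing
# for the live system, or the mount point of a disk image or backup.

# The four paths the removal steps delete (taken from the post).
IWORK_PATHS='/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg'

# Print each artefact that exists under ROOT, one per line.
# Exit status 0 if at least one was found, 1 if none.
iwork_find_artifacts() {
    root=${1%/}
    found=1
    # The paths contain no spaces or globs, so plain word splitting is safe here.
    for p in $IWORK_PATHS; do
        # -L also catches a dangling symlink, which -e alone would miss.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
            found=0
        fi
    done
    return $found
}

# Exit status 0 if a process named exactly iWorkServices is running.
iwork_process_running() {
    command -v pgrep >/dev/null 2>&1 && pgrep -x iWorkServices >/dev/null 2>&1
}

# Summary: list artefacts with owner, mode and timestamp, then the process state.
iwork_report() {
    if hits=$(iwork_find_artifacts "$1"); then
        printf '%s\n' "$hits" | while IFS= read -r f; do ls -ld "$f"; done
        if [ -z "$1" ] && iwork_process_running; then echo "iWorkServices process is running"; fi
        return 0
    fi
    echo "no iWorkServices artefacts under ${1:-/}"
    return 1
}
```

Source the file and run `iwork_report` with no argument to check the running system; the `ls -ld` output is worth saving before the files are removed.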