Tsunami Trojans on Apple Macs join an attack wave that shows every device owner needs malware protection, argues Wayne Rash
We’ve been hearing the stories for years about how Apple’s Macintosh is immune to malware. For years I’ve heard the smug claims from Mac owners about how it’s too bad Windows users have to load their computers with antivirus software to be safe, but Mac owners didn’t. For years I’ve known it was only a matter of time.
So let’s say it right now: there’s no such thing as a malware-proof platform, especially if that platform is somehow connected to the outside world. But even networks isolated from the Internet are no longer immune, as the victims of the Stuxnet worm could attest. The fact is the Macintosh platform is highly vulnerable, especially since relatively few Macintosh users buy and use security software.
Tsunami waves in anti-malware flood
When the security company Sophos revealed on 25 October that a new backdoor infection named Tsunami had been detected in the wild, I wasn’t even surprised. I mostly wondered what took so long.
The reality, of course, is that malware writers look at market share when they’re creating their payloads and Windows gives them the biggest bang for the buck. But the Mac is growing in market share, so it’s now worth some attention. This is made more tempting to malware writers by the fact that relatively few Macintosh computers are protected against malware, so it’s a very soft target.
So, Mac users, your time has come. You’re going to have to plunk down the money and deal with the lost CPU cycles like everyone else, unless you want some botmaster in Lithuania to own your machine.
Of course, it’s not just Macs. For too long device owners have taken few if any precautions against malware except on Windows computers. Owners of other devices, whether they’re running Linux, BSD or some other Unix-like OS, have assumed that they have no exposure to malware.
And the mobile market is even worse. Ask yourself what kind of protection you have for your BlackBerry, or your Android device, or your iPad, or iPhone. Chances are, the answer is none. While there has been some movement in the Android world after apps in the Android Marketplace were found to contain malware, relatively few Android devices are delivered with anti-malware apps. Worse, the companies selling such apps aren’t reporting huge sales – and that’s too bad.
More than one way
The Apple App Store and BlackBerry App World are tightly controlled, so owners tend to assume that they don’t have to worry about malware-infected apps showing up on their devices, and in that sense they’re correct.
But malware doesn’t need to be delivered in an app to infect your device. As is the case with Windows machines, malware can be delivered in email attachments, images from the Web, and anywhere else binary content is opened on a device. If your BlackBerry malware arrives in an infected attachment, it’s still malware, and your device is still infected.
The Mac isn’t the only soft target out there. In fact, given the success of the iOS platform, the relatively small amount of attention it attracts is a little surprising. Even more surprising is the fact that, until recently, Apple resisted allowing AV vendors to sell anti-malware apps through the App Store. That’s changed, but the view of owners that they’re somehow immune hasn’t.
So the time has come for a reality check. If you have an unprotected platform of any kind, you’re subject to attack. As Windows machines get better and better protection, and as Windows users finally get a clue about avoiding malware, the bad guys will focus on easier targets. That means you.
Windows hell for everyone
You will need to start taking the precautions people with Windows computers have been taking for years. Those precautions include being careful which Websites you visit, being careful about opening email attachments, and being careful about viewing images where you don’t know the source.
At this point, you have time. Relatively few malware creators have focused on the mobile environment just yet, and relatively few are targeting Linux and Macintosh platforms, but they will. These platforms are currently really easy pickings and that’s what the bad guys love. As the relative market share (compared with Windows computers) increases, the amount of malware targeting those platforms will also increase.
This means, among other things, that it’s time that you start investigating security software for all of your platforms, not just the ones running Windows. This is actually pretty easy to do just by searching for “Security” in whatever app market you use. In the enterprise it’s even easier since many enterprise security packages already cover mobile devices, either as part of the basic package or as an option.
But, Mac users, the bottom line is that your free ride is over. The bad guys of malware have you in their sights, and you can find out just how frustrating it is to have your machine taken away from you and made part of a botnet. Fortunately, it’s only one really bad Trojan so far. But there will be more.