A "Worm" with Eyes for Apple


By Alex Salkever

Every time I write a column about Apple, I get e-mail from people telling me they don't have antivirus software and don't run a firewall because Macs are inherently safer than PCs. Actually, the language is often more colorful than that, but the idea is always the same: that Macs possess a security halo bestowed upon them by the coding gods at Apple and Unix-based software's rock-solid security record.

Now, I say every Apple (AAPL) owner who has written me one of those crowing e-mails should do himself a big favor and go buy some security software, pronto. True, the day of reckoning for Mac owners hasn't arrived -- but it might be coming pretty soon.

During the week of Oct. 18, Internet bulletin boards started lighting up with conversations about the so-called Opener Internet worm. It actually isn't a worm, as it has no mechanism to spread from one computer to another. Rather, Opener is just a piece of malicious software designed to take over the computer of an unsuspecting user. It isn't hugely sophisticated.

So why all the buzz? It turns out that Opener could easily become the first real worm targeting Macs running OS X, Apple's Unix-based operating system. The exact origin of the code behind Opener remains unclear, and to the best of anyone's knowledge, Opener never appeared in the wild. It may have been written as a case study.

END OF INNOCENCE. Still, its murky origins are troubling. No one knows who has and who hasn't seen the source code for this worm. But most likely it's tucked away on some obscure file server or floating around in some Internet chat room. If the recent history of Internet worms and e-mail viruses is any indication, Mac users should expect to see Opener again in the future. In fact, I would even say Opener could signal the end of innocence for OS X users.

It's a nasty little package. Once installed by an unsuspecting user, Opener would turn off Apple's built-in personal firewalls and turn on dangerous Internet services that might allow others to access that Mac remotely over the Net. To cover its tracks, Opener would wipe out log files.

True, the level of sophistication of worms and viruses in the Windows world is higher, as is their rate of occurrence. And Opener can't spread unless someone physically installs it on a machine by downloading it from an e-mail message intentionally sent by a human user. It can't self-propagate like worms and viruses. But Opener should serve as a wake-up call to complacent and naive Mac users who assume the Apple logo equals total security.

ZOMBIE MACHINES. Here's why. For starters, there's the myth that the relative scarcity of Macs makes them a less enticing target than those ubiquitous Windows machines. For malicious hackers who find glory in bagging the maximum number of boxes, that logic holds true. For the increasing numbers of organized criminals seeking to use computers for such illicit activities as cyber-extortion, identity theft, and sending spam, more than enough Macs are out there.

According to Apple, more than 12 million Macs now run OS X. The majority of them, I would wager, are connected to the Internet via broadband. That means a hacker seeking to use an Apple-specific Internet worm like Opener to build a fleet of "zombie" machines designed to spew out spam or threaten banks with denial-of-service attacks could target millions of Macs.

If an emerging cybercrime ring took over even just a small fraction of those Apples, it would marshal enough firepower to send out huge volumes of spam or take down just about any private Web site with streams of bogus data requests.

IDENTITY THEFT RISK. What Opener adds to such a scenario is convenience. Criminals, like most folks out to make a fast buck, would prefer not to have to reinvent the wheel. Opener builds the wheel for them. No, it doesn't have a mass mailer included in its packet of code. But serious computer crooks could easily insert one that would turn Opener into a spambot.

On the Windows security front, secretive coders regularly modify existing Internet worms and e-mail viruses to improve their efficacy by making them harder to detect. There's no reason to believe that Opener won't undergo a similar metamorphosis.

Which brings me to yet another reason why Apple users shouldn't feel so safe. That attitude makes them a more attractive target for identity theft. Even if Apple really pushed its users to protect their computers better, I think it would be very difficult to convert the folks who take pride in their refusal to use antivirus software. But they're precisely the kind of low-hanging fruit that cybercrooks love to harvest.

WEAPON OF MAC DESTRUCTION. Equally attractive are Mac users who aren't tech-savvy enough to understand computer security issues. After all, they probably bought Macs because of the machines' simplicity. No one told them about firewalls or antivirus software. This isn't to say Windows doesn't have similarly oblivious users. But Apple has always promoted itself as the computer for people who don't know anything about computers. It just works, right?

To a certain degree, Apple takes care of its less techno-savvy users with automatic software updates and rapid fixes to security holes. It also ships all its computers with potentially dangerous features, such as network sharing and Web serving, turned off. But Opener illustrates how easy it might be to overcome that out-of-the-box security. It surreptitiously turns on many of these features.

Installing software on a Mac can be tragically easy. Although the default path for new software requires a password, you can still drag and drop whole program files out of e-mails, and they'll start right up without any question or password roadblocks. (Try sending yourself the calculator application found on every Mac, and you'll see what I mean.) Add some smart social engineering, such as e-mail coming from the last 10 people you sent messages to, and write a pithy tag line. Do this with Opener, and you've created a weapon of mass Mac destruction.

This isn't to say that Macs are more vulnerable than Windows-based computers. After all, Opener has yet to infect a single machine. But it has sent a loud and clear message. Mac users, welcome to the uncomfortable reality of modern worms and viruses. Start thinking of your machine as no different from a Windows PC. All it takes is one bad worm or virus to ruin your whole week.

Salkever is Technology editor for BusinessWeek Online

