Category Archives: Apple

New Mac Malware Resource

Well, actually, it’s an old one. It’s at the Mac Virus site I kicked back into life a few months ago, primarily as a blog site.

However, I’ve been under some pressure to restore some of the features of the old Mac Virus site. While I’ll be restoring some (more) of the pre-OSX stuff for its historical interest, I don’t see that as a big priority right now. But as I’ve been talking quite a lot about Mac threats in the past month or two (see http://macviruscom.wordpress.com/2010/05/13/apple-security-snapshots-from-1997-and-2010/ for example), there’s been curiosity about what we’ve been seeing in the way of OS X malware.

Enter (stage left, with a fanfare of trumpets) the Mac Virus “Apple Malware Descriptions” Page at http://macviruscom.wordpress.com/apple-malware-descriptions/. Right now it consists of two descriptions of Mac scareware from 2008, so it’s at a very early stage of development. (It just happens to be those two descriptions because someone asked me about them yesterday.)

Isn’t this stuff available elsewhere, I hear you ask? Of course it is. The point about these descriptions is that unlike most vendor descriptions, they point to various other sources of (reasonably dependable) information, as well as including a little personal commentary. It’s a first cut at attempting to answer the question “if there’s so much Mac malware around, where is it?”

More later…

David Harley CITP FBCS CISSP
AVIEN Chief Operations Officer
Mac Virus Administrator
ESET Research Fellow and Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com
http://amtso.wordpress.com/

SRI iBotnet analysis

I’m not a huge fan of SRI, mainly because of its misconceived and inept use of VirusTotal as a measure of a measure of anti-malware effectiveness. (Unfortunately, SRI is not the only organization to misuse what is actually a useful and well-designed service by Hispasec as a sort of poor man’s comparative testing, even though  Hispasec/VirusTotal themselves have been at pains to disassociate themselves from this inappropriate use of the facility: see http://blog.hispasec.com/virustotal/22.)

So it pains me slightly to report that they have actually produced a reasonable analysis of the botnet associated with the iPhone malware sometimes known as Ikee.B or Duh (sigh…) But they have, and it’s at http://mtc.sri.com/iPhone/.

I wish I could say that some of their other web content is of the same standard. Disclaimer: the company for which I currently work does indeed consistently appear at a very low position in SRI rankings, so you’d expect me to dislike the way they get their results. I do… But I dislike even more the way that they’ve ignored all my attempts to engage them on the topic. OK, rant over. The ikee analysis is still well worth a look.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/

Mac Whacks Back

It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.

Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah….) There is a polite but nonetheless naive article that more than hints at this mindset here:

http://www.makemineamac.info/2009/10/dont-bug-me-why-macs-are-still-virus.html

Thanks, however, to Kurt Wismer for reassuring me that Mac security is not just my own personal crusade:

http://anti-virus-rants.blogspot.com/2009/12/why-mac-fanatics-still-believe-theyre.html

I have a feeling I’m not done with this issue. And just to be clear: for most of those 20 years I was working for customers, not for vendors…

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/