Be warned: Apple's comeback in the world of personal computing brings with it a heightened level of security risks for its customers, not unlike those Microsoft Windows devotees have faced for years. Reports surfaced earlier this week of a malicious new Trojan horse–like piece of software found on several pornography Web sites that has the potential to let cyber thieves take control of infected Mac computers so they can steal personal information.
Trojans are known for their ability to appear to be legitimate and necessary pieces of software that turn malicious once installed. Although the new Mac Trojan is easy to avoid because it is mostly limited to porn sites (and who visits those?), computer security experts say this piece of malware has the hallmarks of being written by professional cyber criminals and is likely to be a sign of more bad things to come for Apple fans.
"This one comes from a professional source that's testing the water—maybe to see how Mac users react and how difficult it is to get Mac-specific malware out into the world," says David Harley, a computer security consultant based in England. "From the analyses that I've seen, it's got the fingerprints of the Zlob malware that's been around for a while." Zlob is a computer infection known to afflict Windows PCs, allowing cyber attackers to install backdoor programs that give them access to personal information on compromised PCs. Once these attackers can remotely control infected computers they can use them as a launching pad for spam e-mail without the knowledge of the computers' owners.
Even worse, Trojans often use a technique known as social engineering to trick Web surfers into downloading them onto their computers. If a surfer visits a pornographic Web site infected with the Trojan, she will be greeted with a message stating that a special video codec is required to view free videos. A codec is a program used to encode and decode digital information so that it can be viewed only by those with permission to do so. If the surfer proceeds with the installation, the Trojan downloads to her computer with the ability to manipulate that computer's Domain Name System (DNS) server setting. The DNS server is what the computer uses to look up the correspondences between domain names such as SciAm.com and the IP addresses of Web sites and other Internet services. From then on, cyber criminals can hijack that infected computer, redirecting Web surfers from legitimate Web sites to those designed to steal Social Security, credit card or other personal information.
The Mac Trojan uses "simple social engineering, which works time and time again on Windows users, and I see no reason why it won't work with Mac users as well," Harley says.
The most dangerous security threat to computer users is one that takes advantage of software flaws before Apple, Microsoft or any other software company is aware these defects exist. Although Microsoft Windows users have been dealing with such so-called zero-day threats for years, Apple Mac users have generally been spared by cyber attackers because there are simply more Windows users to target.
This new Trojan, however, affects Mac computers running OS X versions 10.4 (Tiger) and 10.5 (Leopard), according to reports from about a dozen information technology security research firms, including Austin, Tex.–based Intego, which first discovered the problem. Of course, such companies also sell software used to combat computer security threats and have been routinely criticized by Apple, Microsoft and other companies for pointing out security flaws (legitimate as they may be) in order to sell more of their security products. Apple did not respond to a request to be interviewed for this story.
The good news is that Web surfers can prevent infection simply by not downloading the fake codec software, or by avoiding porn sites altogether—whichever is easier.