Two Fresh Apple Security Hacks
By Dan Morrill
Article Date: 2008-11-24
Two new chunks of malware are making the rounds this week that allow an attacker to download code of choice on your apple computer.
What is interesting is that with the increase in sales, and market penetration of Apple computers it is still hard to find software that can actually compromise one. While this is great for Apple, it more likely means that Windows makes the best target out there, and Apple hacking (other than breaking Apple's DRM or Jailbreaking Iphones) has not really caught on yet.
OSX.RSPlug.D was found by Intego, and is your common run of the mill Trojan that pretends to be something useful, in this case a video codec so you can watch the movie you just downloaded.
The other is OSX.TrojanKit.Malez also found by Intego that is a program that installs on the Apple computer and allows for full remote control of the box in classic making a bot net fashion.
Both of these programs requires someone to click on install, or hide themselves in other programs that offer something that a user might want. As always, make sure you are downloading code from a reliable source, and if it does not play in VLC player, it is not worth watching.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.