Mac computers are known for their near-immunity to malicious computer programs that plague PCs.
But that may be changing somewhat, according to computer security researchers. It seems that as sleek Mac computers become more popular, they’re also more sought-after targets for the authors of harmful programs. “The bad guys generally go toward the biggest target, what will get them the biggest bang for their buck,” said Kevin Haley, a director of security response at Symantec. Until recently, the big target always was Microsoft Windows, and Apple computers were protected by “relative obscurity,” he said. But blogs are buzzing this week about what two Symantec researchers have called the first harmful computer program to strike specifically at Mac. This Trojan horse program, dubbed the “iBotnet,” has infected only a few thousand Mac machines, but it represents a step in the evolution of malicious computer software, Haley said. The iBotnet is a sign that harmful programs are moving toward Mac, said Paul Henry, a forensics and security analyst at Lumension Security in Arizona.
Don’t Miss
Should you heed all your software updates
Is it really safe to download software
A to Z of online piracy
“We all knew it was going to happen,” he said. “It was just a matter of time, and, personally, I think we’re going to see a lot more of it.” The malicious software was first reported in January. It didn’t gain widespread attention until recently, when Mario Ballano Barcena and Alfredo Pesoli of Symantec, maker of the popular Norton antivirus products, detailed the software in a publication called “Virus Bulletin.” Mac users at large, however, should not be alarmed by the incident, experts said. The program infects only computers whose users downloaded pirated versions of the Mac software iWork. The harmful software is a Trojan horse, meaning it tries to sneak into the computer with some sort of permission from the user. Computer worms travel differently. They wiggle their way into computers and replicate without the owner’s approval or knowledge. The Mac program is called a botnet because infected computers become part of a network that is controlled by the program’s author. The Mac botnet is significantly less threatening than computer worms like the much-publicized Conficker.c, said Jose Nazario, a senior security researcher with Arbor Networks. Conficker was thought to have infected up to 10 million computers, compared with thousands for the iBotnet, researchers said. There’s also some question as to whether it is the first botnet to target Mac. Others have targeted both PCs and Apple computers. “This isn’t the first botnet that’s been built using Mac computers,” Nazario said. “This is an interesting one in that it’s a little more flexible and includes some new features. … It’s getting a lot of press mostly because it’s Mac and people are talking about how Macs are immune to malware — and, sure enough, they’re not.” The potential damage that could be caused by the Mac botnet is also less severe than other attacks, said Darrell Etherington, a contributor to theAppleBlog, which is not affiliated with the computer company. “It’s a very low-level attack,” he said. “Some people won’t even notice the effect of it.” It is in the interest of software companies like Symantec, who spread the news, and McAfee, which has downplayed the presence of the Trojan, to raise concerns so they can promote their antivirus software packages, he said. “Yes, it is going to become a bigger problem and, yes, people have to become more aware, but I think that what McAfee and Symantec would like is for the panic to start and for people to start rushing to antivirus software,” which isn’t necessary yet, Etherington said. In a statement, Apple said it is working to prevent security problems. “Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users,” the statement says. Only about 7.4 percent of computer users work on Macs, according to Gartner, a technology research firm. That user base is proportionally more affluent than PC users, Etherington said, which may make Mac a bigger target. But overall, Macs are still far less vulnerable to attack than PCs, he said. Haley said news of the Apple botnet is significant in part because it’s something other authors of malicious code can build from. “I don’t think it’s a tipping point; I think it’s an evolutionary step. We see virus authors often use what somebody else has done,” he said. “There’s a model. There’s something out there to follow.”
