February 20, 2006

The worm turns for Apple users

Matt Wirges, security and privacy analyst for Information Technology at Purdue (ITaP), said users who feel invincible make an especially easy target for computer worms.

"Mac users are at risk because they tend to download anything without fear of viruses," he said.

A "Trojan horse" form of computer worm, identified on Feb. 16, is designed to trick iChat users into downloading and running a file labeled "latestpics.tgz" that seems to be sent by a friend. Once a user opens the e-mail attachment or downloads it as an Internet file, the worm actively tries to delete files on the host computer and infects any programs that are run after it, preventing them from working properly. The worm then sends a copy of itself to each of the people on the host computer's iChat buddy list.

A second computer worm, discovered Feb. 17, targets a security flaw in Mac OS X and uses Bluetooth to propagate itself. Apple provided a fix for the security flaw in June 2005, so experts said this latest attempt is primarily a way to prove the feasibility of the worm.

Although there have been no reports of infected Mac OS X computers, security experts agree these two attempts are likely early test forms of future, more damaging Mac malware.

"These exploits seem to be badly written, with bugs and conceptual problems that limit their damage," Wirges said. "The creators will learn from the trial run and be able to make new versions that go much further."

These security incidents may point to a new trend for Mac OS-based malware and remind Mac users that they, too, need to employ safe computing practices, Wirges said. Anti-virus software for Mac users can be downloaded free using a Purdue career account. Visit the ITaP Web site. To learn more about the Mac Trojan exploit or safe computing practices, visit the SecurePurdue Web site.

Source: Matt Wirges, (765) 496-2307

To the News Service home page