Stephen Withers
Wednesday, 06 May 2009 05:41
Opinion and Analysis
According to Intego, Tored is a proof-of-concept created with RealBasic, which is not the malware writers' usual tool of choice.
Intego says the malware works by copying itself into the System and System/Library/StartupItems folders so it runs automatically after subsequent logins.
Tored attempts to spread using "an SMTP server that is currently non-existent", so that doesn't get it very far. Furthermore, "the code in this malware is faulty, and it does not work correctly, so there is no real threat from this malware."
So it would seem that the usual precautions (not blindly opening every attachment that arrives by email, or every file that appears in shared folders) would suffice, and even if you are careless there may not be any real harm done.
Sophos added Tored detection to its antivirus products last weekend. Senior technology consultant Graham Cluley described it as "a lame email worm" and said "Bugs in the worm's code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don't lose too much sleep."
"For now, I think a much more real threat for Apple fanatics is that of websites hosting malicious applications designed to undermine their Mac's security," he added, in a reference to the RSPlug malware.
But bugs can be fixed, and mail servers put into action. So to borrow a slogan, it's time to be alert, not alarmed.