Stephen Withers
Thursday, 11 June 2009 12:23
Opinion and Analysis
A new variant of the Tored malware and yet another bogus codec pose a vague threat to Mac OS X users.
The Tored worm first appeared over a month ago. Its intended function is to harvest email addresses from infected Macs, but there was also an indication that its creator was looking to build a botnet.
Sophos says it has received what purported to be the Tored source code, and now claims to provide generic detection for this malware family.
Meanwhile, Pareto Logic's Malware Diaries chronicles a 'scareware' campaign that selectively delivers unwanted code to systems running Windows or Mac OS X in the guise of a "Video ActiveX Object" that will play the promised pornographic content from the offending site.
Labelled Jahlav-C by Sophos, this little nasty actually installs shell and Perl scripts that communicate with a website to download additional malware.
Other members of the Jahlav family have masqueraded as cracks for proprietary applications.
So far, scepticism and caution seem enough to keep a Mac free from malware, but there are still some holes waiting to be exploited. For instance, Tipping Point's Zero Day Initiative lists five high-impact vulnerabilities that have been acquired and notified to Apple, but which remain unpatched.