There’s a lot of buzz around the place today because something we all knew would happen eventually has finally happened. There is malware out there actively going after Mac users. Is this malware exploiting some flaw in the Mac OS? Nope, it’s exploiting the innocence of many Mac users when it comes to security matters. The exploit actually requires the user not only to run an installer, but also to enter their password to give the installer administrative privileges! The only way this could ever work would be if there were a lot of naive Mac users out there so convinced of their security that they’ll happily install any random crap from the internet. Uh oh …


So how does this attack work? Well, the process starts by luring the victim to a porn site and promising them a hot and steamy video clip. The site then displays a message telling the user they need to install a codec to view the video, and offers them a .dmg file to download. This disk image contains a package called MacCodec.pkg, which the user must then double-click to install. When they do this they are asked to enter their password to grant the installer administrative access. The installer then uses this administrative access to have some fun with the victim’s DNS settings, pointing them at a malicious DNS server that will serve them up phishing sites, ads and porn. It also installs a service that re-sets the DNS settings every hour, so the victim can’t recover simply by correcting their DNS settings.
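As an added example (not part of the original post), this shell script lists the DNS resolvers a Mac is actually using, read from text in the layout `scutil --dns` prints, and flags any that are not on a list you expect, which is how the DNS change described above would show up. The `EXPECTED_DNS` values and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag DNS resolvers that are not expected.
# EXPECTED_DNS holds constructed sample values; set it to the resolvers you actually use.
EXPECTED_DNS="${EXPECTED_DNS:-192.168.1.1 10.0.0.53}"

# Read `scutil --dns` text on stdin; print each distinct resolver address.
extract_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Print the resolvers from stdin that are not in EXPECTED_DNS, one per line.
unexpected_nameservers() {
    extract_nameservers | while read -r ns; do
        case " $EXPECTED_DNS " in
            *" $ns "*) ;;                 # on the expected list, say nothing
            *) printf '%s\n' "$ns" ;;     # not expected, report it
        esac
    done
}

# Return 0 when every resolver is expected, 1 (with a warning on stderr) otherwise.
check_dns() {
    bad=$(unexpected_nameservers)
    [ -z "$bad" ] && return 0
    printf 'UNEXPECTED DNS resolver: %s\n' $bad >&2
    return 1
}

# Constructed sample in the layout `scutil --dns` prints (documentation addresses).
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
EOF
}

# On a Mac, check the live configuration; on other systems this step is skipped.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | check_dns && echo "DNS resolvers match the expected list"
fi
```

Because the installed service re-sets the DNS settings every hour, run the check again an hour or more after correcting them.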

You can find out more about this trojan at the links below:

This trojan is very clever because it exploits the weakest link in OS X security: those smug Mac users who brag about how safe and secure they are to their unenlightened Windows brethren. I think it’s fair to say that the average Mac user labours under the illusion that you don’t have to worry about security on the Mac. Well, today’s news proves what I’ve been saying for ages: Mac users need to be aware of security issues too, just like everybody else.

So, what can you do to protect yourself? Well, you could go out and buy yourself some anti-virus software that will protect you from known threats and eat up your resources, or you could apply some common sense to your daily computer use, or both. Personally, I’m a big fan of the common-sense approach. Here are some simple steps I’d suggest:

  • Keep your OS up-to-date at all times.
  • Keep all your programs up-to-date at all times, especially any that use the internet like browsers, mail clients, iTunes, chat clients, RSS aggregators, etc.
  • Don’t install anything you didn’t get from a trusted source.
  • Don’t open any attachments you weren’t expecting to get, particularly if they contain password-protected zip files or any sort of executable file.
  • Be suspicious of all installers that ask for administrative access.
  • Keep an eye on the US CERT Current Activity page or, better yet, subscribe to their feed.

If you’re a Mac user it’s time to stop taking security for granted and to apply some simple precautions.