Mac users ‘just as easily duped by cybercriminals’

Ben Camm-Jones
4 April, 2012
View more articles fromthe author

In the face of new threats aimed at OS X, a security expert has warned that Mac users may be even more vulnerable than Windows users.

Because Windows users are more likely to be running up-to-date anti-virus programs, Graham Cluley of Sophos says that many Mac users are missing a “valuable safety net”.

In the face of several new threats targeting Mac OS X that have been discovered in recent weeks, Mac users should make sure that they have some form of protection, Cluley said. However, keeping your computer safe from cybercriminals isn’t just a case of having anti-virus programs installed – it’s about making sensible choices as well.

“As we have seen on the Windows platform, the majority of the attacks do not exploit any weakness in the operating system but instead take advantage of the bug in people’s brains. Mac users can be just as easily duped as their Windows cousins into making poor choices and could end up infected as a result, Cluley told Macworld.

“The only difference is that if you’re running Windows you’re much more likely to have protected yourself with up-to-date anti-virus software which acts as a valuable safety net.”

Cluley’s comments come in the wake of the discovery of a new threat that bypasses OS X’s built-in security protection features. Last week, AlienVault reported that it had encountered a malicious Microsoft Office for Mac file that on the surface appeared to be targeting non-governmental organisations in Tibet.

“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system,” wrote Jaime Blasco on the AlienVault Labs blog.

Fellow security firm Intego warned that it was necessary to make sure you keep all software, not just anti-virus programs, updated, as though this attack seemed to be targeted, it could be adapted for use against other OS X systems.

“These Word documents exploit a Word vulnerability that was corrected in June, 2009, but also take advantage of the fact that many users don’t update such software. Word 2004 and 2008 are vulnerable, but the latest version, Word 2011 is not. Also, this vulnerability only works with .doc files and not the newer .docx format.

“This malware is fairly sophisticated and it is worth pointing out that the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents.”

Sophos’ Cluley warned that OS X would not protect against these attacks, which can be used to open up a Mac to further malware.

“Don’t be fooled into thinking that you are protected by Mac OS X itself, which will ask for an administrator’s username and password to install software. You won’t see any prompt for credentials when this malware installs, as it is a userland Trojan. Neither the /tmp/ nor /$HOME/Library/LaunchAgents folders on Mac OS X require root privileges – meaning that software applications can run in userland with no difficulties and even open up network sockets to transfer data.”

One Comment

One person was compelled to have their say. We encourage you to do the same..

  1. Tony says:

    I have been reading this story for as long as ave been reading about Macs. It is all driven by ant virus software providers who have not yet gotten around to flooding the web with viruses designed for that Mac that they can then supply the cure for.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us