Macintosh Malware + Twitter = Greater Vigilance (If You're Smart) - InformationWeek
IoT
IoT
IT Leadership // IT Strategy
Commentary
6/26/2009
06:51 PM
Jake Widman
Jake Widman
Commentary
50%
50%
RELATED EVENTS
[Cybersecurity] Costs, Risks, & Benefits
Feb 28, 2017
How much should your organization spend on information security? What's the potential cost of a ma ...Read More>>

Macintosh Malware + Twitter = Greater Vigilance (If You're Smart)

Tweets from a respected Macintosh evangelist inadvertently contained links to a Trojan horse aimed at Macintosh computers. The incident should serve as a warning to Mac-using SMBs that while their Macs aren't nearly as subject to malware attacks as Windows machines are, that's not a guarantee that nothing bad can happen.

Tweets from a respected Macintosh evangelist inadvertently contained links to a Trojan horse aimed at Macintosh computers. The incident should serve as a warning to Mac-using SMBs that while their Macs aren't nearly as subject to malware attacks as Windows machines are, that's not a guarantee that nothing bad can happen.One of the better reasons for basing your business on Mac computers is that there has never been as much malware, adware, spyware, and so on for Macs as our Windows-using brethren have to contend with. That not only simplifies your IT tasks, it provides a better level of information security.

But that doesn't mean your Macs are immune. Several proof-of-concepts have demonstrated that someone can hack into a Mac, and recently Mac malware has started to show up in the wild. The debate continues over whether the reason there isn't more is OS X's inherently better resistance or just the fact that compared to Windows machines, the Mac doesn't afford a target-rich environment. Unfortunately, more Mac means more targets.

The recent case involves a Trojan called OSX/Jahlav-C. First reported in early June, this bit of nastiness comes disguised as software required to watch a pornographic video. It identifies itself as a Video ActiveX Object, which should set off alarm bells in savvy Mac users' head already, as ActiveX is a Windows technology.

Downloading the file opens what looked like a standard Mac installer for a tool called MacCinema. But what the program really installs is an "AdobeFlash" shell script which in turn contains a Perl script. The Perl script can communicate with a remote website and download more code, though it's not clear whether that's actually happened to anyone.

Earlier this week, Guy Kawasaki's Twitter feed invited viewers to download a "Leighton Meester sex tape video free." (Venture capitalist Kawasaki was part of the original Mac marketing effort and has almost 140,000 Twitter followers.) Anyone who followed the link and the instructions would have installed OSX/Jahlav-C on their machine. Kawasaki had nothing to do with the process--his Twitter account automatically retweets material posted to the NowPublic user-contributed news site, and that was the source of the bogus Meester story.

The point of all this is not to slam Kawasaki or make fun of Twitter. It's to serve as a reminder to you and your staff that smugness (however justified) is not in itself a defense. Windows users have learned the hard way that no business can afford to be cavalier about security. The smart Mac SMB will pay attention to incidents like this week's and learn that lesson the easy way.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll