A new virus targeting Mac OS X is not expected to cause much trouble. But malcode experts said it should serve as a warning to those using alternatives to Microsoft that their machines are not attack-proof.
"I don't see this particular virus as much of a threat, but I worry about the functionality of it," said Mikko Hypponen, director of antivirus research for Finnish antivirus firm F-Secure Corp. "It shows there's a lot of activity in the underground hacking community to find ways to attack Macintosh systems."
The virus, known as Opener or Renopo, attempts to turn off the Mac OS X firewall and other security software. It will download and install hacker tools for password-sniffing and cracking, make key system directories world-writeable and create an admin-level user for later system abuse, according to Lynnfield, Mass.-based antivirus firm Sophos. It also turns off accounting and logging functions to help hide its presence, the company said.
"Mac users tend to be zealous about how their computers are more attack-proof than Microsoft systems, and this virus illustrates that's not really the case," said Graham Cluley, senior technology consultant for Sophos. "There have always been viruses that target Macintosh, just fewer. This virus isn't a pressing danger. But it's a shot across the bow for Mac users, a warning that they can't turn a blind eye to security."
Hypponen said, "Many of my friends have migrated to Macintosh computers and they are growing more attractive as an alternative to Microsoft. But people should remember that every single computer is hooked to the Internet and other computer systems, so the potential for attack is real. Because of their growing popularity, I think we're going to see more attacks that target Macintosh systems."
While Hypponen and Cluley don't see this virus as a pressing threat, they agree it has the potential to cause problems for those who are infected.
"Renepo makes so many security-related changes to your systems that all bets are off once you have been compromised," Cluley said. "Because the worm attempts to harvest user, configuration and password data for a wide range of applications, it represents a huge security headache for all administrators, creating a backdoor to leave infected computers vulnerable to further attack."
Hypponen said there are actually two variants: Opener-A and Opener-B. "Opener-A won't replicate or spread. The B version doesn't work great but is better at replicating. It jumps from one Mac to another but not necessarily from one country to another." But, he repeated, it's a sign that attackers are taking a new interest in Macintosh systems.