Apple enthusiasts have defended the security reputation of Mac OS X against a rising tide of threats since the beginning of 2006. Now they have to worry about a piece of malware that has long targeted Microsoft Windows machines but has now been tweaked to actively target their operating system.
Allysa Myers of McAfee Avert Labs described the threat Wednesday in the McAfee blog, saying a family of malware called Puper -- which has been plaguing Windows users in increasing numbers since 2005 -- is suddenly targeting Mac machines. She called the malware "a nasty beast" because of its nefarious installation tactics. Most notably, she noted, it has been found to install itself by way of exploits on infected MySpace pages.
She described the threat to Mac users this way: "Say you're out searching for a bit of porn with your blissfully malware-free Mac. You're led to a site which says you need to install a new codec to view the videos they offer. You try to install this codec, but instead you get a nasty and silent surprise. After all that, you still get no videos."
Myers said that when the newest Puper fake codec site is accessed by a Mac OS X machine, the file which is offered is a .dmg file instead of the usual .exe file one would see on Windows. Once it runs, she said, it begins installing an application called "MacCodec."
"This is no PoC (proof of concept)," she said. "This is not a drill."
Apple enthusiasts have long touted Mac OS X as a more secure alternative to Microsoft Windows, which has suffered the majority of attacks in recent years. But the digital underground has taken an increased interest in the Mac since the start of 2006, when the first malware targeting Mac OS X appeared on the scene.
In an email to SearchSecurity.com Wednesday, Gadi Evron, a security evangelist with McLean, Va.-based Beyond Security, predicted that Mac users are now going to pay for what some see as a sense of hubris over security.
"This means one thing: Apple's day has finally come and Apple users are going to get hit hard," he said. "All those unpatched vulnerabilities from years past are going to bite them in the behind. I can sum it up in one sentence: OS X is the new Windows 98."