Thursday, June 3, 2010

Mac Malware in the wild, finally?

After hearing much speculation about proof of concept malware or malware that you can only get through illegal warez download sites, here's the first instance I've heard of malware effecting Macs in the wild:

It appears to have been caught very quickly at the sites where it was available for download and its spread limited. It also appears to be highly adaptable. This is nowhere near as virulent as the horror stories of infection on Windows PCs by simply opening an e-mail (without opening the attachment) or visiting a website (without knowingly downloading anything). With Apple touting "no viruses and spyware" as a feature for the past several years, however, Mac users may be less suspicious and less prepared to deal with this type of threat. In this case, a user has to download and install a program that is advertised for a different and quite useful purpose from a trusted download site. Then the software downloads and installs the truly malicious code without the user's knowledge. The truly weak links, here, are the sites (Softpedia, MacUpdate, and VersionTracker) where the malicious download was allowed to be made available. If you can't trust these sites, some of the biggest names in free software download, who can you trust?

No comments: