HEAT Security Blog

A Big Mac Attack

Like most readers, I’ve been using computers for a long time. For me it started with the PLATO project at the University of Illinois (Go Illini!!), with its cool touch panels. Then punch cards on mainframes. Then micros, minis … and finally the DOS-based PC. [Remember the dual-floppy drive 5150?] Yup, those were the days … lots of hijinks, but no real worries about viruses, trojans, phishing and so on.

Fast forward a few … um … years and, for the first time in my working life I’m bereft of any computing infrastructure. No machine, no legacy apps or data. [Long story … you don’t wanna know.] And, not to start a religious war or anything, it was at this point that I decided to go with an Apple: a sleek MacBook Pro, to be precise. Lots of reasons for this, but one of the main drivers was the promise of not having to deal with anti-virus, anti-spyware, registry clean-up software … you know, security software. [Side benefit = not getting gleeful/gloating emails from my brother about how weak (in several meanings of the word) and vulnerable my PC-based systems were.] Although I knew it wasn’t going to last, I figured I was done with all that scanning and tweaking and worrying for a while.

Well, I was basically right. The reprieve lasted (just a little) while. News out recently shows that the days of milk and honey are coming to an end for us Mac users. It all started back in December/January when researchers spotted a couple of different kinds of trojans attached to pirated copies of iWork 09 and Adobe Photoshop CS4 for Mac; no biggie, my brother said, as long as you don’t download pirated software. True enough, but those seem to be storm clouds gathering on the horizon. After all, first the iPod and then the iPhone brought Apple back into mainstream consciousness; I mean, sure, Apples were always fashionable in some circles, but not since Super Bowl XVIII have I seen such interest in Apple outside, um, certain circles; in fact, there was talk about Apple finally piercing the corporate veil in 2008. All this resulted in Apple shipping over 20% of the retail machines in late 2009; a bright spot in an otherwise bleak time. However, to my mind all this interest meant that the bad guys would eventually get interested; if not for immediate profit, perhaps to set up some long game or even to own bragging rights to the first Mac-based botnet established.

So last month, it hit. Some researchers discovered a direct link between the malware tagged onto that pirated software and what appears to be the first denial-of-service attacks from a Mac botnet (OK, maybe the second). It seems there may be a couple of variants of a trojan called iServices (or iBotNet) which were activated by a different player, according to researchers Mario Ballano Barcena and Alfredo Pesoli from Symantec (sub. req’d). All this unleashed a torrent of emotional verbiage. [Remember when Apple recommended putting AV software on your Mac, or maybe not?] Well, all that’s calmed down a bit, but the question remains: what do we Mac users do now? The short answer is, as David Coursey wrote: nothing much, yet. Here are my suggestions (in no particular order) …

Don’t Pirate Software. Simple, eh?
Think Ecosystem. Remember, there’s a lot more to your Mac than a feline predator (Tiger, Leopard, etc…). So, while the OS might not bite you, what about your apps? It’s important to keep all of them updated.
Tune Your Antennae. We Mac users have been able to slide by somewhat (gleefully) oblivious to malware. Well, it’s time to start tweaking your antennae; it may not be tin foil hat time yet, but you might want to avoid being the proverbial boiling frog.
Secure Your Browser. A recent study has shown that only 55% of folks visiting Google are using the latest, most secure version of their browser. Among the best: Google’s Chrome (with its forced updating and sandboxing capability) and Mozilla’s Firefox (with its default update mode). The worst: Safari and Opera. As Ars Technica puts it: better go check to make sure you’re up to date.
Security vs. Safety. You might remember Charlie Miller’s comment after pwning a Mac via Safari in a matter of seconds at this year’s Pwn2Own event: Macs are more safe, though less secure. Time to understand and embrace this notion.
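The “keep all of them updated” advice from Think Ecosystem and Secure Your Browser is easier to follow if you can actually see which installed apps are behind. Here is an added example (not code from the original post or from Apple) of a small inventory check: it reads each app bundle’s Info.plist, pulls the CFBundleIdentifier and CFBundleShortVersionString, and compares the installed version against a table of current versions. The plist payloads, the bundle identifiers and the “current” version numbers below are constructed for the example; on a real Mac the plists live at /Applications/<App>.app/Contents/Info.plist and the current-version table would come from vendor release notes. The comparison is numeric per segment, which matters because a naive string compare says “3.0.9” is newer than “3.0.10”.

```python
"""Flag installed app bundles whose CFBundleShortVersionString is older than a
known-current version. Added example; plist contents and version numbers are
constructed, not real vendor data."""
import plistlib
import re

# Constructed sample Info.plist payloads keyed by bundle name (hypothetical).
SAMPLE_PLISTS = {
    "Firefox.app": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>org.mozilla.firefox</string>
<key>CFBundleShortVersionString</key><string>3.0.9</string>
</dict></plist>""",
    "Safari.app": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>com.apple.Safari</string>
<key>CFBundleShortVersionString</key><string>4.0</string>
</dict></plist>""",
    "Pages.app": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>com.example.pages</string>
<key>CFBundleShortVersionString</key><string>9.0.3</string>
</dict></plist>""",
    "Unknown.app": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleIdentifier</key><string>com.example.unknown</string>
<key>CFBundleShortVersionString</key><string>1.0</string>
</dict></plist>""",
}

# Hypothetical "latest known version" table; in practice this comes from
# vendor release feeds, not from the machine being checked.
CURRENT_VERSIONS = {
    "org.mozilla.firefox": "3.0.10",
    "com.apple.Safari": "4.0.0",
    "com.example.pages": "9.0.2",
}


def parse_version(text):
    """Turn '3.0.10' into (3, 0, 10). A non-numeric tail such as '4.0b1'
    is cut at the first non-digit segment so the comparison stays numeric."""
    parts = []
    for seg in text.split("."):
        m = re.match(r"\d+", seg)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_outdated(installed, current):
    """Segment-wise numeric comparison. Missing trailing segments count as 0,
    so '4.0' equals '4.0.0' and '3.0.9' is correctly older than '3.0.10'."""
    a, b = parse_version(installed), parse_version(current)
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a < b


def bundle_info(plist_bytes):
    """Return (bundle identifier, short version string) from an Info.plist."""
    info = plistlib.loads(plist_bytes)
    return info["CFBundleIdentifier"], info["CFBundleShortVersionString"]


def find_outdated(plists, current_versions):
    """Return {bundle name: (installed, current)} for every app behind the table.
    Apps whose identifier is not in the table are skipped, not flagged."""
    report = {}
    for app, raw in plists.items():
        ident, ver = bundle_info(raw)
        latest = current_versions.get(ident)
        if latest is None:
            continue  # nothing to compare against
        if is_outdated(ver, latest):
            report[app] = (ver, latest)
    return report


if __name__ == "__main__":
    for app, (have, want) in find_outdated(SAMPLE_PLISTS, CURRENT_VERSIONS).items():
        print(f"{app}: installed {have}, current {want}")
```

To run it against a real machine, replace SAMPLE_PLISTS with the bytes of each /Applications/*.app/Contents/Info.plist and populate CURRENT_VERSIONS from the vendors’ own release announcements; the script deliberately never trusts the installed app to report what “current” is.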