Macintosh Malware + Twitter = Greater Vigilance (If You're Smart) - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // IT Strategy
Commentary
6/26/2009
06:51 PM
Jake Widman
Jake Widman
Commentary
50%
50%

Macintosh Malware + Twitter = Greater Vigilance (If You're Smart)

Tweets from a respected Macintosh evangelist inadvertently contained links to a Trojan horse aimed at Macintosh computers. The incident should serve as a warning to Mac-using SMBs that while their Macs aren't nearly as subject to malware attacks as Windows machines are, that's not a guarantee that nothing bad can happen.

Tweets from a respected Macintosh evangelist inadvertently contained links to a Trojan horse aimed at Macintosh computers. The incident should serve as a warning to Mac-using SMBs that while their Macs aren't nearly as subject to malware attacks as Windows machines are, that's not a guarantee that nothing bad can happen.One of the better reasons for basing your business on Mac computers is that there has never been as much malware, adware, spyware, and so on for Macs as our Windows-using brethren have to contend with. That not only simplifies your IT tasks, it provides a better level of information security.

But that doesn't mean your Macs are immune. Several proof-of-concepts have demonstrated that someone can hack into a Mac, and recently Mac malware has started to show up in the wild. The debate continues over whether the reason there isn't more is OS X's inherently better resistance or just the fact that compared to Windows machines, the Mac doesn't afford a target-rich environment. Unfortunately, more Mac means more targets.

The recent case involves a Trojan called OSX/Jahlav-C. First reported in early June, this bit of nastiness comes disguised as software required to watch a pornographic video. It identifies itself as a Video ActiveX Object, which should set off alarm bells in savvy Mac users' head already, as ActiveX is a Windows technology.

Downloading the file opens what looked like a standard Mac installer for a tool called MacCinema. But what the program really installs is an "AdobeFlash" shell script which in turn contains a Perl script. The Perl script can communicate with a remote website and download more code, though it's not clear whether that's actually happened to anyone.

Earlier this week, Guy Kawasaki's Twitter feed invited viewers to download a "Leighton Meester sex tape video free." (Venture capitalist Kawasaki was part of the original Mac marketing effort and has almost 140,000 Twitter followers.) Anyone who followed the link and the instructions would have installed OSX/Jahlav-C on their machine. Kawasaki had nothing to do with the process--his Twitter account automatically retweets material posted to the NowPublic user-contributed news site, and that was the source of the bogus Meester story.

The point of all this is not to slam Kawasaki or make fun of Twitter. It's to serve as a reminder to you and your staff that smugness (however justified) is not in itself a defense. Windows users have learned the hard way that no business can afford to be cavalier about security. The smart Mac SMB will pay attention to incidents like this week's and learn that lesson the easy way.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
Commentary
How CIOs Can Advance Company Sustainability Goals
Lisa Morgan, Freelance Writer,  5/26/2021
Slideshows
IT Skills: Top 10 Programming Languages for 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/21/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll