A few days ago our labs analysed a new piece of Apple Mac malware, OSX/Tored-A.
Mac malware is still a lot less commonly encountered than Windows malware, although we have seen a steady increase in reports of threats targeting the Apple operating system over the last couple of years.
Most of the examples of Mac malware we have seen recently are actually Trojan horses, planted on websites or P2P networks and posing as, perhaps, a codec needed to watch a sexy video, a utility for viewing high-definition TV, or a pirated version of iWork.
OSX/Tored is different, however, because it is an email-aware worm which attempts to scoop up email addresses from your infected Mac computer and forward itself to others. Its intended purpose, and presumed origin, is revealed in the opening comments of its RealBasic source code:
// First Mac OS X Botnet
//Backdoor.OSX.Raedbot.C ,Reconnaissance worm/bot
//(c) Ag_Raed , Tunisia
Bugs in the worm’s code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don’t lose too much sleep.
The funniest part for me, however, was the message the worm’s author included to try to facilitate Tored’s distribution in the Mac community:
For Mac OS X ! :(If you are not on Mac please transfer this mail to a Mac and sorry for our fault :)
For now, I think a much more real threat for Apple fanatics is that of websites hosting malicious applications designed to undermine their Mac’s security, as this recent video of a live Mac malware attack demonstrates:
Apple Mac malware: Caught on camera from SophosLabs on Vimeo.