More Mac OS X malware discovered

Mac malware can seem like buses – you see none for ages and then two come along at once.

Last night, SophosLabs was sent a message containing what claimed to be the “SRC CoDE of new Macintosh Worm” and so our Canadian labs released OSX/Tored-Fam, a generic way for us to detect future variants of the Tored family of malware.

One of the files was called ReadIt.txt and contained the following text:

RESPECT about what are you talking about me (cybercriminal..)
Dont say what you ignore !!!!!!!!

Then, this morning, Graham pointed me in the direction of the ParetoLogic blog which detailed a new piece of malware (which Sophos detects as OSX/Jahlav-C) hiding out on what presents itself as a hardcore porn website.

(Embedded video: "Is it safe to surf for porn on an Apple Mac?", from SophosLabs on Vimeo.)

OSX/Jahlav-C is an update to previous versions of Jahlav and will eventually run a Perl script that “uses http to communicate with a remote website and download code supplied by the attacker.”

What makes these events stranger is that yesterday afternoon I was being questioned by Ben Jupp, one of Sophos’s Senior Technical Support Specialists, about a talk he was giving on Mac malware at an OxMUG Meeting.

The last thing I said to him was that there would be more Macintosh malware. Prophetic words indeed.