The Mac Security Blog


Is Google Giving Up on Windows PCs?

According to the Financial Times, Google has decided to stop using Windows computers because of security concerns. The company began this change in January, following an incident where Google’s computers in China were hacked, and it seems that the more than 10,000 employees of the company will be making the change.

One employee is quoted as having said, “Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks.” While it’s not clear how many of these employees are moving to Macs, the Financial Times states that “New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system.” However, it is just as likely that Google will be encouraging its employees to use its own Chrome operating system, which will be released soon.

Unlike the norm in most companies, however, Google employees do get to choose which OS they use. As one employee said, “It would have made more people upset if they banned Macs rather than Windows.”

Intego Security Memo: HellRTS Backdoor Can Allow Malicious Remote Users to Control Macs

Malware: OSX/HellRTS.D

Discovered: April 14, 2010

Risk: Low

Description: Intego has discovered a new variant of a piece of Mac malware called HellRTS, which, when installed on computers running Mac OS X, opens a backdoor that allows remote users to take control of infected Macs and perform actions on them. Intego identifies this backdoor as OSX/HellRTS.D, a variant of an early Mac OS X malware first spotted in 2004.

HellRTS is built in RealBasic and is a Universal Binary able to run on both PowerPC- and Intel-based Macs. If installed on a Mac, it is able to perform a number of operations. It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, and adds the new version to a user’s login items to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more.

This backdoor requires installation on a Mac, which could be carried out via a Trojan horse, or by exploiting a vulnerability in a program that accesses the Internet (such as a web browser). While Intego has not found any instances of Macs being infected by this in the wild, the fact that this malware is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs.

Means of protection: Intego VirusBarrier X5 and X6 detect and eradicate this malware, which they identify as OSX/HellRTS.D, with threat filters dated April 15, 2010 or later.


Windows Security for Mac Users

More and more Mac users run Windows on their Macs, either with Boot Camp or with virtualization software, such as VMware Fusion or Parallels Desktop. This presents new security risks to these users, many of whom are unfamiliar with Windows security issues.

A Macworld article, Living with Windows: security, looks at the issues Mac users need to know about, and shows how software such as Intego VirusBarrier X6 protects both Mac and Windows operating systems.

Just a quick plug for Intego’s VirusBarrier X6 Dual Protection, which includes VirusBarrier X6 together with great antivirus software from BitDefender. It allows Mac users to install great security software on both platforms for just a few dollars more than the cost of VirusBarrier X6 alone.

Hackers Crack Macs (and Others) for Cash

It’s time, once again, for the annual crack-a-thon, in which savvy hackers save up their exploits to earn some cold cash. As is usually the case, Macs fell quickly, but so did the iPhone and Windows 7 on day one of the event.

It’s the CanSecWest conference in Vancouver, which hosts the Pwn2Own contest. On Wednesday, the hackers lined up to take their chances at part of a purse of $100,000. The first to fall was the iPhone, which was hacked in “20 seconds.” Naturally, this doesn’t mean that the hackers had only just started trying to figure out how to hack the device; rather, they spent a couple of weeks doing so in advance of the event. The hackers had discovered a vulnerability, and set up a booby-trapped web page that copied the SMS database from the handset.

Mac hacker Charlie Miller cracked a MacBook, using Safari and a drive-by download. This was Miller’s third consecutive victory against the Mac, and it was worth $10,000. (There’s a short video of Charlie Miller discussing this on YouTube.)

And at the same time, Windows 7 fell to a Dutch hacker who exploited two Internet Explorer vulnerabilities. He, too, won a prize of $10,000. And a German hacker cut through the defenses in Mozilla Firefox to get at Windows 7.

While this sort of exploit doesn’t suggest that the hackers found vulnerabilities and cracked them on the same day, it does show that experienced hackers can crack pretty much any system given time. None of these vulnerabilities involve the type of social engineering that tricks people into installing Trojan horses. There is no user interaction allowed in this contest, other than directing a user to a web site. (Browser-based vulnerabilities are the easiest to crack, in fact.) All of these vulnerabilities could be exploited in the wild, as these hackers demonstrate.

This was just day one of the Pwn2Own contest. Other platforms and devices are sure to be hacked in the following days, but the prizes for some of them are lower, and fewer hackers are interested in spending the time to work on their vulnerabilities. Full information about the contest, the targets, and the prizes can be found here.

The Year in Mac Security 2009

2009 was another busy year for Mac security and malware, with new threats targeting Macs, iPhones being attacked, and a large number of Mac OS X vulnerabilities. We’ve prepared a PDF document with our annual report of all things related to Mac security. Download a copy to get an overview of what’s happened in the world of Mac security over the past 12 months. From Mac Trojan horses to iPhone malware, 2009 was a very busy year.