Tsunami Trojan: First Mac attack based on Linux crack
Slips in Mac OS X backdoor, phones home
Malware writers have derived a new Trojan for Mac OS X by porting an older Linux backdoor Trojan horse onto the Mac platform.
The newly discovered Tsunami Trojan is derived from an earlier Linux-infecting backdoor Trojan, called Kaiten, which phoned home from infected machines to an IRC channel for further instructions. Security firms are still in the process of analysing Tsunami but early speculation suggests it may be a DDoS attack tool.
"Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is non-existent," writes Graham Cluley of net security firm Sophos.
"We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future. If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying. My advice to Mac users is simple: don't be a soft target, protect yourself."
Mac Trojan authors have previously used Windows backdoor code, but the Tsunami Trojan is the first case we've come across, at least, where malware tricks from the world of *nix have been turned against Macs. ®
"My advice to Mac users is simple: stay scared of vague security threats so that we can sell you our products"
There. Fixed that for you, Graham.
While the threat of trojans (note: there are still no known viruses for the Mac in the wild) on the Mac is clearly very real and Mac users blatantly need to be vigilant and careful, the Sophos article reads like a sales pitch. There is no information on how it's contracted and a little bit of what can only be described as scare-mongering ("But remember this - not only is participating in a DDoS attack illegal..." or "Install Sophos or you could be breaking the law"). Tell us how to avoid it (no - installing Sophos isn't helping avoidance).
I don't think that this is anything but a test. Simply to see what they can infect using an ancient trojan's code.
It's because malware authors realized that Mac users are by and large wealthy and fairly dim (sweeping generalization here, not all Mac users are dim. For instance Mac devs certainly are NOT stupid, hell they're smarter than me, I should have gotten in on the Apple racket sooner; a lot of users are though, but I doubt they get off MacRumors to read El Reg).
Anyway, just think here. What are you going to go after if you're Boris and his sister Svetlana? You going to target a Linux user that is more than likely going to know something's up when weird things start happening or FLASK/SELinux freaks out, a corporate Unix install where they're probably going to notice unauthorized installation on a Sudoer's account during the next audit, a Windows machine that more than likely has some form of AV software making it a harder target (plus they don't tend to have as much money), or a very stereotypical Day Trader Apple Fanboi, with too much money, no AV, and not enough protection because he has a very false sense of security that Apple as a corporation only irresponsibly reinforces.
If I'm Boris and Svetlana, I'm going to go for the softest target, especially one that's not only a soft target but a soft target with a lot of monetary assets to his or her name.
I'm sure this will enrage the lot of you, but stop and think about the socioeconomics and practical strategic and tactical thinking behind this for a few minutes.