Menu
Mac worm sparks security concerns

Mac worm sparks security concerns

Antivirus experts have warned Mac users and sysadmins against becoming complacent about security after the discovery of a worm targeting the Mac OS X operating system.

The Mac platform is not immune from security threats, affected as it is by numerous vulnerabilities (many derived from its Unix components) and several thousand macro viruses. However, worms have been all but unknown on the Mac since the late 1980s, security experts said.

The appearance of the Opener, or Renepo, worm may signal that worm writers are getting interested in the platform again, possibly because it is now easy to write malicious code that runs on the Mac as well as other Unix variants, experts said. "Hopefully, (Renepo's) existence will be a timely warning to any Mac users who still assume they are safe because the bad guys aren't interested in the Mac platform," said Paul Ducklin, Asia Pacific Head of Technology for anti-virus firm Sophos.

The worm, called SH/Renepo-A by Sophos, MacOS.Renepo.B by Symantec and Unix/Opener.Worm by McAfee, was discovered on Friday and anti-virus vendors rolled out protection over the weekend. It arrives in the form of a Bash shell script and replicates itself over local networks. However, its ability to spread is limited, as it does not use email or file-sharing programs to distribute copies of itself, researchers said. The worm also requires a high level of access to infect a PC, making it more likely to be executed on a system that has already been compromised in some other way, Sophos said.

Given these limitations, the worm is still particularly destructive, and because it turns off logging, anti-virus and security software, it is difficult to tell whether an affected system has been hit by additional problems, researchers said. The worm collects sensitive data such as passwords, and then reports infected systems to a remote server.

Among other actions, the worm turns on filesharing and ssh, installs a password cracker and a password sniffer, harvests Windows password hashes from samba, and creates a new admin-level account for future use by attackers.

"The computer's state is compromised to the extent that anyone with knowledge of the script could login and access the log files containing serial numbers and passwords," said Symantec in an advisory.

Apple Computer has recently come under attack for downplaying the seriousness of Mac OS X security holes in order to maintain the impression that Mac users are safer than users of other platforms. In May, for example, security experts criticized the company for going out of its way to describe a serious vulnerability as "theoretical". More recently Apple fixed a batch of 15 flaws in OS X, followed by a fix for a bug in iChat that could have allowed attackers to run malicious code on a system.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Upcoming

Slideshows

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)

VMware recently held an Asia-Pacific and Japan party for its partners in San Francisco following two days of keynotes and sessions. Whilst mingling and enjoying drinks and finger food, the partners were joined by VMware management who also took the opportunity to let their hair down to have some fun.

IN PICTURES: VMworld 2015 Asia-Pacific and Japan party (+ 32 photos)
IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

VMware's sponsors and partners used the opportunity at VMworld 2015 to showcase some of their technologies. At an exhibition hall, these vendors educated those that popped by their stands on these solutions and addressed some of the issues surrounding mobility, datacentres, and the Cloud. SOme of the big names there included f5, Palo Alto Networks, HP, Intel, Samsung, and Symantec.

IN PICTURES: VMworld 2015 sponsor and partner showcase (+41 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments