Long Week for Apple

   We sometimes have bad days, or even a bad week (we won't talk about anything longer than that).  Last week (May 16-20) was one of those really long weeks for Apple in terms of security.

   First, it was revealed that there is now an attacker "construction crime kit" available for creating Trojans {Chapter 2 Security+ 3ed} for the Mac OS X operating system. The kit, which is being sold to attackers, is called the Weyland-Yutani Bot (named after the corporation in the 1979 movie "Alien").  It is said to be the first of its kind to hit the Mac OS platform.  Why is it being released now?  Perhaps it's because of Apple's market penetration.  A research paper published in 2008 predicted that attackers would not take widespread interest in creating malware to attack Apple computers until its market share hit 16% (it's based on something known as "game theory"). There are now three countries in which Apple Mac OS X market share is at that level (Switzerland, Luxembourg, and the US), so the prediction may be on target.  You can read this interesting research paper at www.securitymetrics.org/content/attach/Metricon3.0/j3attAO.pd.

   Then, later in the week, Microsoft said that the same attackers behind fake security software scams (called "scareware") that Windows users have had to endure for several years are now directing their attention to the Apple Mac.  While the user is visiting a Web site, a pop-up window suddenly appears and says "Your computer may be infected; click here to clean it!" in a very Microsoft-looking (now Mac-looking) dialog box.  Once the user clicks, malware infects the computer and then nags the user with constant pop-up messages and fake alerts until they enter their credit card number to purchase software to fix it (of course, it's not fixed, and now the attackers have stolen the credit card number).  Microsoft calls the Apple scareware "MacOS_X/FakeMacdef," and says the Russian group known as Winwebsec is behind it.  In the last 3 months of 2010 Microsoft's free malware cleaning tool deleted over 600,000 instances of this scareware from Windows PCs.

   And as if that were not enough, last week a security researcher said that Apple's Mac App Store puts users at risk.  Why?  Because software on the Mac App Store is not being updated quickly enough.  For example, the Norwegian-made Opera browser has not been updated on the Mac App Store since March 1, 2011.  Since that time Opera has released two updates to patch vulnerabilities as well as add features and fix a bug that causes it to crash.  This is important because Apple takes sole responsibility for updating (Apple actually requires developers to remove any auto-update features from their software before submitting it to the Mac App Store, thereby forcing users to visit the store just for software security updates).  An Opera spokesperson said that they are waiting for Apple to approve a new version of the browser for the Mac App Store, and that users should visit the Opera Web site to download the latest version.

   It's been a long week for Apple.  Hopefully Apple will take the right steps so that Mac users will not have their own long weeks.

   Stay secure!

http://community.cengage.com/infosec