Mac virus surfaces

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 25 Oct 2004

Security experts have discovered a worm that targets Apple's Macintosh OS X operating system.

While not in the wild, the SH/Renepo worm is still fairly malicious as it attempts to turn off the firewall and other security software, says Brett Myroff, CEO of local Sophos distributor Netxactics.

"The worm, also known as Opener, can turn off the Mac OS X firewall and other security software; will download and install hacker tools for password-sniffing and cracking; will make key system directories world-writable; and will create an admin-level user for later system abuse."

Renepo also turns off accounting and logging to help hide its presence, adds Myroff. "You do not want the Renepo worm anywhere near your Mac OS X network, as it makes so many security-related changes to your systems that all bets are off once you have been compromised."

Because the worm attempts to harvest user, configuration and password data for a wide range of applications, it represents a huge security headache for all administrators, creating a backdoor to leave infected computers vulnerable to further attack, says Myroff.

The emergence of the worm serves as a timely reminder for Macintosh users to avoid complacency in terms of malware threats, he adds.

"This is a shot across the bows rather than a pressing immediate danger to Mac environments. The Renepo worm reminds Mac users, who may have felt smug that most viruses target the Microsoft Windows market, that they should be careful not to turn a blind eye to security."

The shell script used by the Renepo worm contains a number of comments from its authors, including

Myroff says it is relatively rare for viruses to target Mac OS. "You could speculate that as patching has made it slightly harder to get viruses through to Microsoft systems, virus authors may target other systems. The worrying thing is this could be the start of a new trend to try targeting Mac users instead. This worm creates a huge security risk."