Tuesday, 01 April 2008

Is the New Mac Trojan Worth the Hype

Sunday, 04 November 2007

Last week a new bit of malware hit the streets targeting Apple OS X, and there has been some overreaction on both sides of the fence about how significant this new development is. So a measured response is required.
Firstly, the threat is significant, despite what many are saying. It isn't the end of the world, but it is serious enough that OS X users need to ensure they are not complacent and take some steps to protect themselves.
Many comments have been made to try to deflect the significance of the release of this bit of malware. Firstly, many are using the 'there are more Windows viruses' defense. While this is true, it doesn't negate the fact that there is OS X malware out there; it only takes one user to get infected, and there will always be a way a user can get infected no matter what the platform is. The other thing to note is that the only reason there is so much malware for Windows is that it is the predominant platform, so it stands to reason that it is what people are going to write malware for. OS X is gaining market share, and with the extensive marketing done by Apple to promote the experience of the platform for the average 'joe user', it stands to reason that some of the malware authors' focus is directed at the platform. Plus, OS X is far more accessible to the authors now that it runs on Intel hardware. Previously one needed to purchase Apple PowerPC-based hardware to run OS X; now you can get OS X to run on any Intel or AMD box that has a fairly decent Pentium 4 class CPU in it.
Then there is the 'you only get infected with this new bit of malware if you're surfing porn' argument. This is false. Sure, the initial reports of this bit of malware stated that the fake codec was being installed from porn sites. However, the malware is being served from numerous domains, and there are many opportunities for installation, such as MySpace, thousands of blog sites and as many websites as the people behind this bit of malware can compromise.
The last argument is an interesting one: to get infected, the user needs to do many things. They have to download a file, open it, run the installer and enter the admin password. Anyone using this argument is missing the point. The user is trying to install something. In many cases they are not being tricked into a download by drive-by tactics; the user is under the impression that they are getting something useful, i.e. a codec to allow them to view some video content, and therefore they are going to go through these steps. It is only after they become infected that the problems start.
You also have to remember the psychology of the users who get infected, ably demonstrated by the Bagle malware. This was often sent to the would-be victim in a password-protected Zip file with the password included in the email. In that case the user who got infected went through just as many hoops as those infected by this bit of OS X malware. All these hoops didn't stop Bagle from being one of the most successful pieces of malware targeting Windows.
So what is all the fuss about? The problem is that this bit of malware is written by the same group of miscreants that developed the Win32/Puper family of malware, which has been about in various forms since May 2005. This bit of OS X malware affects both OS X 10.4 Tiger and OS X 10.5 Leopard; yes, that's right, the version of OS X that has only been released a week.
The user is tricked, when visiting a site offering video, into downloading a new codec. The user goes through with the download and installation thinking that they will be able to view the content on the site once it is installed. Once the user has installed the 'fake codec', the video on the site will play, thus diverting suspicion. The trojan then adjusts the user's machine configuration to point the network settings at malicious DNS servers. The malware also reports back to the central control that it has infected a machine, and it sets up a cron job to ensure that the DNS settings will always point to the malicious DNS servers.
So what can you do? Firstly, be aware of what you're viewing and which web pages you're visiting. OS X comes with a wide array of video codecs installed already; usually the only ones missing will be those mainly used by the pirate scene, such as DivX, and for those that are missing there is VLC or Perian to provide decoding for those videos.
The other thing, and it is something that is going to become a must for OS X users in time, is to install antivirus. There are several great products out there for OS X and they will protect you from numerous threats.
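
The DNS change and the cron job described above can both be checked from Terminal. The following is an added example, not code from the original post: it reports configured resolvers that are not on an allowlist you supply and cron entries that touch DNS settings. The allowlist address, the cron keyword list and the sample data are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Print each unique nameserver found in `scutil --dns` or resolv.conf text on stdin.
extract_resolvers() {
    awk '$1 ~ /^nameserver(\[[0-9]+\])?$/ && !seen[$NF]++ { print $NF }'
}

# Print resolvers from stdin that are not in the space-separated allowlist ($1).
unexpected_resolvers() {
    allow=" $1 "
    for addr in $(extract_resolvers); do
        case "$allow" in
            *" $addr "*) ;;            # expected resolver, ignore
            *) echo "$addr" ;;         # not on the allowlist, report it
        esac
    done
}

# Print crontab entries (stdin) that mention tools or files used to set DNS.
# The keyword list is an assumption of this example, not an indicator from the post.
dns_cron_lines() {
    grep -v '^[[:space:]]*#' | grep -E 'scutil|networksetup|resolv\.conf' || true
}

sample_scutil() {   # constructed `scutil --dns` excerpt
    cat <<'EOF'
DNS configuration
resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.7
resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.8
EOF
}

sample_crontab() {  # constructed `crontab -l` output
    cat <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * /usr/sbin/scutil < /tmp/example-dns.conf
EOF
}

# Demo on the constructed samples; on a Mac, pipe in the real commands instead:
#   scutil --dns | unexpected_resolvers "192.168.1.1"
#   crontab -l | dns_cron_lines; sudo crontab -l | dns_cron_lines
sample_scutil | unexpected_resolvers "192.168.1.1"
sample_crontab | dns_cron_lines
```

Any address the first check prints is a resolver you did not expect; compare it against what your router or ISP hands out before treating it as malicious.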
[source: erwin and fajar (erwin 12)]
