Bluetooth worm targets Mac OS X
By Joris Evers
Staff Writer, CNET News.com
Published: February 17, 2006, 1:08 PM PST
Another day, another Mac OS X pest?
Just a day after experts warned of what is believed to be the first Trojan in the wild to target Apple Computer's Mac OS X, alerts are being published on a new worm that exploits an 8-month-old vulnerability in the operating system.
The new Inqtana worm spreads through a security flaw in Apple's Bluetooth software, antivirus vendors Symantec and F-Secure said on Friday. Apple provided a fix for the flaw last June with security update 2005-006.
The worm attempts to use Bluetooth to propagate. Once it infects a computer it searches for other Bluetooth-enabled devices and sends itself to those it finds, Symantec said.
Inqtana is a "proof-of-concept" worm, according to Symantec and F-Secure, meaning it's an example of attack code, but itself likely won't affect many users, if any at all. Inqtana is not believed to have actually attacked Mac users. Furthermore, it uses a Bluetooth component that is locked to a specific address and expires next week, according to F-Secure.
"It is quite unlikely that Inqtana would be any kind of threat," F-Secure said on its blog.
However, two examples of malicious software to target Mac OS X in two days may be the start of a trend, Vincent Weafer, senior director at Symantec Security Response, said in a statement.
"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend," he said. "While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage."
The new worm follows the Leap Trojan that was discovered Thursday. Symantec says it believes the two pests were developed on a parallel time line and that Inqtana was not created in response to Leap.
Symantec recommends that Mac OS X users keep antivirus and firewall software, as well as operating systems, up to date. Apple has a safety guide on its Web site.
An Apple representative did not have an immediate comment.
It's a tiny concern. The main difference in this is that Apple fixes to such concepts are permanent, whereas the Windows registry leaves open the undoing of any fixes, such as the deletion of firewall registry keys as in this example.
My guess is that it's M$'s attempt to watchdog the internet for illegal copies of Windoz using secret software hidden in registry just as well-known spyware does these days. They may well have not expected this to backfire so horribly.
It's always been that way. They never imagined that it would be exploited like it has. It answered two simple problems. How do we let the user start the system when we don't have the privileges yet? And how do we let the user do what they want but not allow others to do the same? The registry can allow the system to boot as a privileged user before we have credentials and start the required systems. Then the user can log in and credentials are set. Most people run as an administrator and are capable of doing anything all the time.
Now Apple had it good. Since the market share was so small and only graphics people were using it, and it didn't network well, nothing was really developed to take advantage of serious flaws. Now that they are built on the FreeBSD substrate and they are more of an application you will see more vulnerabilities, most taking advantage of the FreeBSD portion of the OS since it is a widely available testbed. And I expect that the Mac OS's will suffer from the same problems that developed the Windows registry model. The need to run things as an administrative user. There are still holes between the Unix and the Mac OS X structures and if you know how to exploit Unix you know where to look.
I will say I do like the new Macs. They network well, they are very powerful, and they (Apple) have always been willing to use the new hardware well before it was available on the x86. And since they now support the FreeBSD ports collection there is ample software available. But the average user didn't advance as quickly, people still do stupid things and they expect the computer to know better. If you execute a program you should know what it is going to do. If you don't you shouldn't execute it as an administrative user, on any platform.
In either case you are not going to get rid of the registry anytime soon, nor are you going to get rid of PCs, and Apple isn't going to fall to a bunch of vulnerabilities; FreeBSD has been tested too well, and makes too few mistakes. (That's why they make the best servers.) So the whole argument turns into a rant. The same rant that has been going on since the Mac was released. (Remember the "computer for the rest of us" ad campaign.)