No. But there’s some bad news rising on the Apple malware front
Let’s see if we can handle this one as a Q&A.
Q: Is there a Mac OS X virus loose on the Internet? Technically, no. As far as I know, no Mac OS X virus has ever been detected in the wild. But there are other kinds of Mac malware out there that you should know about.
Q: Like what? The immediate concern, ironically, is a bogus antivirus program called “MAC Defender” that targets Mac OS X users running Safari.
Q: What does MAC Defender do? According to a memo released Monday by the computer security site Intego: 1) It runs a fake Windows virus scan animation and announces that your computer is infected. 2) It runs a real Mac installation program and asks for your administrator password. 3) Once installed, it makes your computer act like it really is infected, opening offensive websites and generally misbehaving. 4) It offers you 1-year, 2-year or lifetime protection. 5) If you buy the protection, it steals your credit card number.
Q: What’s a malware crimekit? It’s a fill-in-the-blanks program of the kind organized cybercrime gangs have been using for years to generate Microsoft MSFT Windows malware. With a do-it-yourself toolkit, a criminal with limited programming skills can infect millions of computers.
Q: What’s this new Mac crimekit, and what does it do? According to an alert published Monday by the Danish security firm CSIS, it’s a Windows program called “Weyland-Yutani BOT” that supports “Web injects” and “form grabbing” on Firefox for the Mac. (Safari and Chrome reportedly in the works, as well as Linux and iPad versions.) Web injects can put new language into trusted websites and form grabbers can capture passwords and credit numbers entered by unsuspecting users. (Video of the toolkit in action below.)
Q: So are Macs now as dangerous as Windows PCs? Not by a long shot. Last fall, the computer security team at Sophos Labs reported that they were seeing one or two attacks on Macs each week, compared with tens of thousands per day against Windows PCs. Moreover, the two newest Mac malware threats haven’t really begun in earnest. Intego describes MAC Defender as “rare,” and according to CSIS, Weyland-Yutani BOT is still flying under the radar.
Q: Should Mac users install anti-virus software? That’s your (or your IT administrator’s) call. This could change, but I’ve found anti-virus programs for the Mac to be more trouble than they’re worth — witness the havoc a program like MAC Defender can cause.
Q: What else can Mac users do to protect themselves?
Q: What else can Mac users do to protect themselves?Don’t download programs unless they come from trusted sources, like an Apple App Store. Unless you have absolute confidence in the site that is asking for it, never give up your computer password, your social security number or your credit card information. And as an extra precaution, uncheck “Open ‘safe’ files after downloading” in Safari Preferences/General.
Below: A YouTube video showing Weyland-Yutani BOT in action.
Also on Fortune.com:
- That old Mac malware canard
- About those gangs of Russian hackers targeting Macs
- Why are there no Mac viruses?
[Follow Philip Elmer-DeWitt on Twitter @philiped]