Monday, March 4, 2013

Malware attacks spike against Apple OS X users in China enclave

The increase is further proof that users of any system are vulnerable to hacks.
One of the pages displayed by a booby-trapped Word document that exploits a vulnerability Microsoft patched in 2009.
Researchers are reporting a spike in hack attacks targeting Mac OS X systems for the purpose of surreptitiously monitoring users' e-mail and chat contacts and maintaining persistent control over their computers.

The increased attacks are targeting supporters of the Uyghur people, a Turkic ethnic group who primarily live in a region of China, according to two separate reports independently published by researchers from Kaspersky Lab and AlienVault Labs. They are the latest to document the growing vulnerability of Mac users to so-called advanced persistent threats, which target users over a span of months or years to mine specific proprietary or social information of interest to the attackers.

"With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users," wrote Costin Raiu, director of Kaspersky's global research and analysis team. "In general, Mac users operate under a false sense of security which comes from the years-old mantra that 'Macs don’t get viruses.'"

As with some of the previous attacks, the perpetrators of the campaign documented in Wednesday's reports tricked users into opening booby-trapped Microsoft Word documents that exploit a vulnerability that was fixed in 2009. Those who fall for the ruse and are using out-of-date versions of Word are infected with an off-the-shelf backdoor known as TinySHell. The malware is configured to connect to command and control servers that have been used for years in APT attacks.

Macs have been successfully targeted in a variety of other espionage campaigns, as Ars has reported previously.  Last year, commercially motivated malware known as Flashback also infected an estimated 500,000 Macs by targeting a vulnerability in Oracle's Java browser plugin.

Malicious hackers generally only do as much work as necessary to infect their targets, and that may explain why the tools in this campaign are relatively primitive. If the targets are using old systems with no antivirus protection and haven't been trained to avoid e-mail-borne attachments, the perpetrators have little reason to use more valuable firepower. Indeed, attacks that have succeeded for years against Windows users also employ easy-to-defeat techniques. Wednesday's reports are a good reminder that no matter what kind of computer people are using, users are vulnerable to attacks that can completely compromise their personal, business, and social secrets.

Readers are reminded to install security patches as soon as possible and avoid clicking on links included in e-mails, even when they appear to come from a friend, work colleague, or other known sender. Readers may also want to consider the use of third-party antivirus protection. Mac AV is available from a variety of providers, including Sophos, Intego, Kaspersky, and Avast, to name just a few.

1 comment:

  1. Apple never claimed that OS X was absolutely invulnerable from malware attacks. Nevertheless, for years Mac owners have experienced fewer attacks than Windows users. This despite most never having installed third party security software.

    Only relatively recently, with the rise of Trojans targeting Macs, have we had to become more vigilant. One can cut risk dramatically just by avoiding the notorious malware vectors Java, Flash, and Adobe Reader, none of which is included in OS X. Microsoft apps are also notable for their security shortcomings (not to mention they are bloated, slow, and bug-ridden).

    Be careful about what websites you visit, the software you install, and especially emails with mysterious attachments that prompt you for your password, or direct you to websites asking for personal information. These messages may even be sent to you from the infected computers of your Windows-using friends. I know I've experienced that.

    I recommend using ClamXav which is free. Every now and then I let it scan my hard disc. So far, in the last year, it has found nothing suspicious.