Attackers aim at Apple with first Mac Trojan horse

Mac users, it's time to stop being so smug about your machine's perfect safety record.

By Farhad Manjoo
November 2, 2007 8:55PM (UTC)
main article image

Photo: ccarlstead

If you're running a Mac and are in the mood for some free porn today, do not, while visiting a site purporting to offer such goodies, linger upon a Web page that advises the following:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

Yeah, Sparky, I know you just want to have a good time, but listen carefully: Such a page might download and attempt to install a program to your hard drive. It'll ask you for your Mac administrator's password. When it does so, say no and go to YouTube or MENSA or the Web site of Foreign Affairs magazine (you perv) to get your fun.


According to the computer security firm Intego, such sites -- which are being promoted on many online Mac discussion forums -- actually install a malicious Trojan horse application to your Mac. This app looks like it's installing a program to let you play free porn, but instead it fiddles with your computer's Internet address settings in order to surreptitiously reroute you to so-called phishing sites as you travel the Web.

That is, you'll go to PayPal or eBay or your bank, but actually it'll be another site run by criminals in Siberia, likely, and when you enter your SSN and your password, well, say goodbye to your mortgage. And all you wanted was free porn. Remember, kids, free porn doesn't pay! There's no such thing as free porn! Always pay top dollar for good old-fashioned union-made porn!

"But so what?" you're asking. "Isn't this sort of attack pretty run-of-the-mill on the modern Internet-connected machine?" Yeah, it is, on the modern Windows machine. In fact, when I said up there that this only affects Mac machines, I lied: As Symantec points out, these Web sites check to see what operating system you're running and will then serve up a version of the app -- Mac or Windows -- personally targeted to your destruction.


But I didn't need to warn Windows users, because anyone who's reading this and runs Windows already understands that ancient Chinese proverb regarding surfing while using Microsoft programs: Careful what you click, for behind every link might lurk a monster.

Mac users don't understand this. They haven't had to, because -- and this is the real news of this post -- the free-porn app represents the first-ever criminal Trojan horse program created to target Mac OS X. (That's what's so great about blogging -- I can bury the lead!)

Mac fans have always been a bit smug about their OS being much more secure than Windows. Security experts grant that there's a lot about Windows -- a lot, especially pre-Vista versions -- that's very weak, while the Mac OS is built much tougher. But they've also long pointed out that one explanation for the Mac's safety record is its low market share -- hackers haven't been much interested in attacking an OS that so few people use (relative to Windows).


But the Mac's market share has recently been growing faster than that of Windows. So Mac fans can consider this a sort of affirmation: They're finally important enough for attackers to care about them. It's so sweet.

But remember, Macheads, be careful now. As Symantec says, "For those of you who thought you can use Macs to surf any type of Web sites on the Internet and not get infected, those days may be coming to an end sooner than you expected."


[Flick photo by ccarlstead.]

Farhad Manjoo

Farhad Manjoo is a Salon staff writer and the author of True Enough: Learning to Live in a Post-Fact Society.

MORE FROM Farhad Manjoo

Related Topics ------------------------------------------