Mac OS X Gets A Virus? Are You Worried? Don’t Be.

The web was abuzz about the new “virus” infecting (potentially) Mac OS X. Of course, we Mac users are smug and content in the knowledge that 99.99999-percent of all computer viruses are really Windows affairs.

Now there’s finally something for Mac users to worry about and our sure fire solution to protect your Mac from the hoards of demons on the Internet.

First, the bad news.

Security experts are warning Mac users about a malicious script that can destroy data on your Mac, install remote control software, and harvest passwords you thought were secure.

The good news is that it’s a script worm, virus, trojan horse malware application called “Opener” by Mac security sites.

Opener works in a very simple manner. It’s a simple Unix shell script that tries to turn off your OS X firewall (most of it is on by default on Mac OS X), then it downloads and tries to install other little applications to crack passwords, mess with data, and get you hooked on Prevacid AC.

The bad news is that it works. The good news is that you have to let it work. It won’t just crawl up your leg as you walk by a Windows machine and then jump into your Mac through an opening in the keyboard.

The bad news is that Opener (also known in some Mac circles as “Renepo”) can also turn off your system logging and accounting in Mac OS X to try to hide the fact that it’s even been on your machine.

The good news is that Opener is not a “virus” that’s easy to get. The bad news is that once you get it, it could really harm your Mac and harm other Macs on your office network.

Some call Opener a harvester. This “worm” (virus, trojan horse, malware) tries to “harvest” user, configuration, and password data for a bunch of applications on your Mac. It also sets up a backdoor which can leave your Mac open to additional attacks.

Ouch. Is there a solution? Is there a shot to get rid of the “worm”? And, why is it called a worm, AND a virus, AND a trojan horse all at the same time? And what’s malware?

I dunno. It’s probably called a virus because it really can infect your Mac. It’s a worm because of what it does—worm it’s way through your Mac causing additional damage. It’s also something of a Trojan Horse (think about “Trojan” for a moment—that’s a key part of a suggested solution to prevent infection from the “virus”) because you really have to bring it to your Mac for it to work.

There’s other good news. Opener hasn’t been seen in the wild yet. It’s just a, well, um a laboratory virus, er, uh, malware.

Windows users have worms, viruses, and Trojan Horses. Mac users have malware. Remember, we’re only 10-percent of all computer users. But it’s the top 10-percent.

Regardless, there’s just something very educated and appealing about that description, don’t you think? “Malware.” How sophisticated.

Opener cannot automatically propagate (hmmmm, that’s another good word to incorporate into the leading solution to date) itself to other Macs. It will copy itself to any drive connect to an infected Mac; local drives, server drives, or connect remote Macs.

That’s bad news. The good news is that Open relies on administrator privileges to get installed in the first time. Once it’s installed as a startup program, every time your Mac is turned on (“I love you, Mac. I love you, Mac….) it tries to grow.

How prevalent is this so-called malware? Antivirus company Trend Micro says they’ve not received a single infection report from any customers. NewsFactor quoted TrendMicro’s Joe Hartmann, “We don’t expect it to spread very far. If it was not for the fact that it runs on the Mac platform, it would be just another piece of malicious code. We typically get 500-1,000 new pieces of malware every month. We have literally seen thousands of similar pieces of code for other OS platforms, especially Windows.”

Let’s do the math. Opener is theoretical in the wild (it must only be in captivity right now), and one of the first of its kind for Mac OS X. Meanwhile, they get 500 to 1,000 new pieces of malware every month. For Windows, right? Maybe some Unix folks thrown in for added taste? Those are pretty good odds for Mac folks.

They say the only truly secure computer is unplugged. What can you do to protect your Mac from this not-in-the wild virus, worm, Trojan Horse, malware?

That got me to thinking so I Googled “virus protection” and came up with the photograph to the left. For some reason, I can just picture many Windows users rushing down to CompUSA and asking for that “Trojan” Horse Virus Protection gizmo. The one that slips over the ethernet connector and plugs right into the connector on your PC.

I was about to say that you should be aware that we’re partially tongue-in-cheek here, but that phrase brought up other graphic connotations I’d rather not move on to.

Should we take this virus, worm, Trojan Horse, malware threat seriously?

Yes.

Mac OS X has been and remains a very secure platform. That’s by design and by Apple’s quick attention to vulnerabilities. A recent news report pointed out that most Windows users know nothing about what has infected their PCs. Let’s not be naive and think it’ll never happen on the Mac.

Practice safe computing with the right attention to your Mac and you’ll avoid unwanted “malware” in the future.

So, what’s your take on this? Is your machine secure? What do you do to prevent attacks on your Mac? How secure is your Mac? What’s locked down in your firewall? To share your experiences and thoughts with other readers, click the Comments link below.

editor’s note:If you’ve been reading the news lately, you’ll know that they’re calling this “script” a virus, a worm, a Trojan horse, malware. It’s a malicious script. Dangerous? Yes. If you install it. And YOU** have to install it, give it permission to run, etc.

We have no clue why mainstream media calls it by what it’s not. However, “malware” doesn’t sound quite so bad, does it?

**Or someone else installs it while you’re at lunch.