An actual newsworthy Mac malware story:
http://m.krebsonsecurity.com/2011/05/weyland-yutani-crime-kit-targets-macs-for-bots/
Apparently, this malware toolkit, referred to as "Weyland-Yutani Bot" (WYB), is capable of aiding the production of malware to turn Macs into bots. But, this is not the most dangerous aspect of this toolkit. WYB also facilitates form grabbing, using a man-in-the-browser technique, to collect usernames and passwords during Firefox or Chrome browser sessions. This is basically the Mac version of the Zeus toolkit.
This is a more significant threat than MACDefender, a recent rogue AV malware, because WYB collects data from browser sessions rather than by tricking the user into giving up their credit card number. Also, WYB allows more rapid development of malware variants, so the amount of malware for Macs will increase at a faster pace as this toolkit and others like it that target Macs become more prevalent.
Malware derived from WYB needs to be installed with elevated privileges to be able to collect sensitive data. The malware uses social engineering to trick users into authenticating installation. As with any malware, suitable exploits could be used to facilitate installation if found.
Privilege escalation exploits are rare in Mac OS X, so exploitation is unlikely to be used to completely install WYB-based malware. Some degree of social engineering will be part of the installation process. This is also true for Windows malware generated from similar toolkits. But Windows does have more privilege escalation vulnerabilities, so exploitation is more likely to negate the need for social engineering to install malware, even on properly configured Windows systems.
The developer of WYB is selling this toolkit for $1000 via internet forums. Let's hope the malware made using this toolkit is not profitable for those that purchase WYB so that developers of such toolkits are not able to maintain a market for their product. The only means to guarantee the lack of success of such malware that relies on social engineering is user knowledge given that AV software is never a complete solution.
For more Mac security information, check out the links found below.