Thursday, October 27th 2011
Secure Apple Macs Fall Prey To Linux DDoS Trojan
For years Apple Mac users have felt smug that their computers didn't need any security software installed, unlike their poor Windows counterparts, which were always coming down with a cold. This, they believed, was because their beloved operating system is inherently more secure than leaky old Windows (which it used to be). This smug feeling has been especially strong over the last decade, since the release of Mac OS X in 2001, as it's based on Unix, which has always had security baked into it. They therefore felt safe from the multitude of viruses, keyloggers, trojans and various other nasties that the bad guys like to infect operating systems with. However, there have been successful attacks in the past on every Apple Mac operating system since the first one in 1984, just nowhere near as many as on Windows. Of course, what Windows users, Linux users and other OS users have also been saying for years is that Apple's operating systems simply weren't popular enough to bother with and aren't particularly secure. After all, the hackers do this for fun and financial profit, so why aim for a teeny tiny target when you can aim for a big, fat one like Windows?
Well, Apple's OS certainly has increased in popularity somewhat since the debacle that was Windows Vista and hence is now a larger attack target than before, attracting more attention from criminal hackers. The latest malware attack appears to be dispelling the myth that Mac OS X is "secure". This new kid on the block is a trojan called "Tsunami", which has now been discovered on infected Mac OS X systems. What makes this particular malware different is that it appears to be a port, of all things, of a Linux DDoS trojan called Troj/Kaiten. This little beauty herds infected Apple computers into a botnet which DDoSes whatever victim website the criminal hackers choose, taking its instructions over an IRC channel. Lovely.
Graham Cluley of Sophos has taken this trojan apart and shown how it can be instructed to attack any website. He has reproduced the code snippet below:
He then says:
The big question, of course, is how would this code find itself on your Mac in the first place? It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website.
So, it sounds like this nasty requires a little bit of social engineering to get on the machine, like many do for Windows. However, that hardly sounds like a challenge, does it, given the general lack of basic technical skills and security knowledge of ordinary computer users? The Apple ones perhaps even more so, as the platform is designed for "ease of use" and aimed specifically at people who are not tech savvy at all and want a computer "that just works". They'll have no idea why their beautiful Mac inexplicably runs sluggishly and unstably, with their ISP possibly disconnecting them for the garbage pumped out by their infected Mac.
But remember this - not only is participating in a DDoS attack illegal, it also means that you have effectively put control of your Mac into someone else's hands. If that doesn't instantly raise the hairs on the back of your neck, it certainly should.
Some people reading this will make the rallying cry "Of course Sophos will say it's vulnerable, they have a product to sell!" and they have a point. However, this doesn't take away the fact that threats to the Mac platform are real, out there and growing. Even if a Mac user doesn't want to run security software, they should still practice safe computing habits, which is just another way of saying to use their common sense.
A short and interesting history of Apple malware can be found in this Sophos article.
Source: Sophos
60 Comments on Secure Apple Macs Fall Prey To Linux DDoS Trojan
Oh, don't mind me, I'm just talking to my shiny waterblock.
If sarcasm was present it was not detected.
I don't think this viral dilemma will cut sales at all.
Or even make it big enough to reach the public in a way that people will realize Apple Macs can get infections.
Just keep on making the Apple Mac systems looking fancy, make more images of sexy women using them, high profile celebs, have them in big budget movies used by heroes and heroines while the bad guys use the PCs.
Win marketing tactic.
They might not be doing it now on the x86 platform, but they sure did in the past.
Getting back to the core subject of Apple and worms/trojans
Today's latest news
www.theregister.co.uk/2011/10/31/mac_os_x_bitcoin_mining_trojan/
and you also might want to visit here
www.iantivirus.com/threats/
for a non-comprehensive list of nasties (as time passes it's going to get longer)
www.marketingvox.com/wp/wp-content/uploads/2006/12/appleworm.gif
It'd be a great way to make a quick buck if you had no morals.