OSX.Crisis has security vendors rubbing hands in glee

24 Aug 2012

The days of Mac users sneering at the insecurity of their Windows counterparts are rapidly coming to an end.

With global market share for OS-X estimated at a little over 10% (and growing), it has grabbed more than the attention of hipsters, graphic designers and terminally cool people on television. That’s because the underground malware industry appears to be stepping up efforts to target Apple machines; more than that, proving that nothing is sacred, malware also appears to be sneaking into previously unmolested virtual machines, creating more headaches for sysadmins and more opportunity for security software vendors.

All this comes along with news that Symantec has reported a new Mac malware, dubbed OSX.Crisis. Likely not a crisis for Symantec, since like other security vendors it earns much of its crust owing to the venerable efforts of malware writers, OSX.Crisis is a multiplatform malcontent.

That’s right, it evidently has the ability to not only worm your Apple, but break your Windows and inveigle its way onto your virtual machines, too. Somewhat perplexingly, it even affects Windows Phone devices.

Peter Sparkes, director of Managed Security Services at Symantec, confirms that the growing popularity of OSX makes it an increasingly viable target for cybercrims.

“We’ve seen a number of threats come to OSX; that’s a reflection of the increase in user numbers,” he says.

This logic extends to virtual machines.

“[The nature of new attacks] reflect how people are using the various systems available; this is an advanced method of attack.”

Just why Windows Phone is part of that is as perplexing for Sparkes as it is for us, given the platform’s obscurity, though he does venture that OSX.Crisis may be something of a ‘test run’. It looks like at least some naughty coders have faith in Microsoft’s mobile strategy.

As to why virtual machines haven’t yet come under fire, Sparkes says most malware simply terminated when it hit a VM, to avoid analysis.

“It’s just the way it’s worked in the past; this one is designed to spread,” he notes.

The million dollar question (actually a lot more; Symantec enjoyed revenues of over US$6-billion in 2011) is ‘who is behind all this good old malware’?

“It’s a whole underground economy and network, often linked with organised crime,” says Sparkes; while this industry employs methods, people and facilities like legitimate companies, he adds that a lot of its products aren’t terribly impressive.

“It’s ‘smash and grab’ stuff, typically not written particularly well, but designed to get money. However, this one is more advanced and indicates a shift in approach.”

More on OSX.Crisis:

• Infects four different environments: Mac, Windows, virtual machines, and Windows Mobile.
• Uses three methods to spread:
  • Copies itself and an autorun.inf file to a removable disk drive.
  • Sneaks onto VMware virtual machines.
  • Drops modules onto a Windows Mobile device.

In virtual environments, the threat searches for a VMware image, mounts it, and copies itself by using a VMware Player tool.

Symantec says OSX.Crisis may be the first malware that attempts to spread onto a virtual machine.
