Archive

Archive for March, 2010

Mac OS X Ransomware

I just read the blog post of Dancho this morning titled Mac OS X SMS ransomware – hype or real threat?

Well, the Mac security community is pretty much aware of this since early last month (February 03). The package we received is source code, which serves as heads up to security researchers of what’s to come.

The underground intelligence allowed us to obtain a copy of the code for the purpose of learning disinfection to help protect Mac users for possible emergence of this threat.

In January, I blogged about an observation where Blackhat SEOs redirection scripts checks the browser’s USER-AGENT to identify and redirect Mac user traffics – for the hope of monetizing it. Following this post, Dancho found similar trend, where Koobface gang is also using USER-AGENT to redirect and monetize Mac users traffic. This trend raised an awareness to security community to investigate and learn why these guys are monitoring and interested to Mac users traffic – and we got our answer, we recieved the Mac OS X ransomware source code.

Now the questions,

Is it a threat to Mac users? No (not yet at the moment), but YES – this is absolutely emerging threat in Mac.

Is it a hype? No – there’s no exaggeration, but instead the message should serve as an awareness of this emerging threat in Mac.

However, we have to acknowledge that there’s on-going offensive developments in Mac and Mac users should not take chances.