Monday, July 25, 2011

Apple, Trojans, and FUD

Originally published 3/1/11 on

People seem to really enjoy finding any type of malware for Mac OS. In the decade since Apple introduced OS X there have been a handful (barely) of malicious softwares introduced for it, but only one really had the potential to be serious. I wrote about OSX/Koobface.A because it was the first serious malware for OS X - or would have been if it hadn't been broken in porting it and never fixed.

Now we have Blackhole RAT, which is being hailed as a new trojan for MacOS - again, a piece of Malware that has been ported over from Windows.

But wait. What is Blackhole RAT? What does it do? By itself, Blackhole RAT is just another remote administration tool like VNC, Apple's Remote Desktop, or Microsofts Remote Desktop. Sure, it allows someone to take over your computer across a network, but so do a host of other tools. Blackhole RAT isn't, by itself, malware. It has to be installed - probably using a trojan. It's not a trojan itself, it would be the soldier inside the horse. In the computer world, that's usually referred to as the "payload." 

So should you be worried about Blackhole RAT on a Mac? I don't think so. Apple Remote Desktop is as much a concern. Before worrying about remote administration tools (RATs) you need to understand how many ways there are to install them on your system. On a Mac, the answer is, not many.

So why am I writing about a non-issue? Because so many reputable publications are, such as PCWorld and MacWorld. But they are spreading the FUD (Fear, Uncertainty and Doubt) rather than calm, reasoned information. Someone needs to be the voice of reason.

If you are concerned about malware, Sophos offers a free antivirus software for home use. But don't panic, the Mac universe is still relatively safe unless you're exploring the seamier side of the internet. If you're doing that, I hope you're already aware of the risks.