Symantec - OSX.Inqtana.A – New Mac Worm
Symantec - OSX.Inqtana.A – New Mac Worm
Symantec Security Response has today identified a new proof-of-concept worm, OSX.Inqtana.A, that targets users of the Macintosh OS X operating system. Currently categorized as a Level 1 threat (on a scale of 1 to 5, with 5 being most severe), this worm spreads through a vulnerability in the operating system called the Apple Mac OS X BlueTooth Directory Traversal Vulnerability. A patch for this vulnerability is available.
This threat follows the OSX.Leap.A worm discovered February 16, 2006. According to analysis by Symantec security experts, OSX.Inqtana.A does not appear to have been developed in response to OSX.Leap.A but was created on a parallel timeline.
"We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend," said Vincent Weafer, senior director at Symantec Security Response.
The OSX.Inqtana.A worm attempts to use Bluetooth connections to spread itself by searching for other Bluetooth-enabled devices that will accept requests when the computer is restarted. If a Bluetooth connection is found, the worm attempts to send itself to those remote computers. However, OSX.Inqtana.A attempts to spread by using a time limited demo version of the Avetana library, which is bound to a Bluetooth address. As a result of this, the worm may not be able to spread successfully.
"While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage," added Weafer. "Macintosh users should be diligent about installing patches to their operating systems as this will prevent attacks of this type."
Symantec recommends that users of Macintosh OS X keep antivirus and firewall software, as well as operating systems, should be kept up-to-date, to provide maximum levels of security. Users can obtain additional information on updating Macintosh OS X software at: http://docs.info.apple.com/article.html?artnum=106704
Symantec currently provides definitions to protect against OSX.Inqtana.A. The Symantec Security Response Web site provides additional details at: http://securityresponse.symantec.com/
ENDS