Lessons from the latest Mac malware
May 20, 2013
By Roger Thompson

One of the Hoary Old Chestnuts of computer security is that “SMB don’t get 0-days”. Aside from arguably bad grammar, the latest Mac malware shows this to be patently false.

What is meant by “SMB don’t get 0-days” is that brand-new exploits, or zero-days, are relatively hard to write, and possibly expensive, and therefore tend to be used against high-value targets, such as Fortune 500 companies, or military, rather than being “wasted” against Small and Medium Business, who by implication have nothing worth stealing.

However, the latest Mac malware showed up on the laptop of an Angolan human rights activist. Now, as far as I know, it was not using an exploit to spread, let alone a 0-day exploit, but it was digitally signed by an approved Apple developer, which meant that OSX would not complain when the code tried to run. (For the record, it may well be that the developer ID was simply stolen. We just don’t know.)

Standard advice about staying safe on the Internet usually involves only installing software from legitimate websites or developers, but that advice falls a bit short when the malware is signed with a sanctioned developer ID.
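The check a practitioner wants here, as an added example that is not part of the original post: read the signer out of `codesign -dvv` output and compare the team identifier against what the vendor publishes, because Gatekeeper only asks whether a Developer ID signature is valid, not whether it belongs to the developer you expected. The sample `codesign` output, the company name and the team identifier below are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Extracts WHO signed a Mac binary
# from `codesign -dvv` output. A valid signature from a stolen or throwaway
# Developer ID still passes Gatekeeper, so the team identifier is what you
# compare against the vendor's published identity.

# Constructed sample of `codesign -dvv` output (codesign writes it to stderr).
# The first Authority= line is the leaf (signing) certificate.
SAMPLE_CODESIGN='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# signer_summary OUTPUT: print "leaf-cert|team-id"; unsigned code has
# neither line, so it comes back as "UNSIGNED|none".
signer_summary() {
    leaf=$(printf '%s\n' "$1" | sed -n 's/^Authority=//p' | head -n 1)
    team=$(printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p')
    printf '%s|%s\n' "${leaf:-UNSIGNED}" "${team:-none}"
}

# team_matches OUTPUT EXPECTED_TEAM: succeed only if the binary was signed
# under the team identifier you expect (taken from the vendor, not the binary).
team_matches() {
    team=$(printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=//p')
    [ -n "$team" ] && [ "$team" = "$2" ]
}

# inspect_app APP EXPECTED_TEAM: on macOS, run the real tools; elsewhere no-op.
inspect_app() {
    if command -v codesign >/dev/null 2>&1; then
        out=$(codesign -dvv "$1" 2>&1)
        signer_summary "$out"
        team_matches "$out" "$2" || echo "WARNING: signer team does not match"
        # Gatekeeper's own verdict, for comparison with the signer check above.
        spctl --assess --type execute --verbose "$1"
    fi
}
```

On a Mac, `inspect_app /Applications/Example.app ABCDE12345` prints the signer and Gatekeeper's verdict; the warning line is the part Gatekeeper never gives you.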

Given that an organization of one is about the smallest SMB you could find, it is clear that any person or group that has valuable enough information, or who makes someone mad enough, can be targeted by organizations with the resources either to write a 0-day exploit or to steal a legitimate code-signing identity.

Tibetan activists, for example, have been targets of quite sophisticated probes and attacks for at least a decade now. Another example is any attorney who is involved with criminal or high-value litigation.

So, if you decide that perhaps your information might be of enough interest to someone that you would attract such an attack, how can you defend against it? The answer is with great difficulty.

Antivirus products, which must be included in your defenses anyway, are simply not designed to protect against a one-off, highly targeted attack.

If you have data that is of value to someone else, or you’ve made someone angry, you really have only three options.

The first is to seek to educate yourself about computer security. No matter what else you do, this is essential. Times have changed.

The second is to seek advice from a professional, and have them create a non-standard defense, with a great many layers. This will require an investment, but is probably the best thing you can do.

The third is to use the Hope Method. ;-)

We live in dangerous times, folks. Be careful.
