And today’s Mac OS X worm release…

Posted on February 21, 2006 by Ian Betteridge

F-Secure finds another couple of Mac OS X worms: F-Secure : News from the Lab – February of 2006.

Today we received two more samples of Mac OS X malware.OSX/Inqtana.B and OSX/Inqtana.C are close variants to original OSX/Inqtana.A. About the only difference between variants is the technique by which the worm will start on the infected machine after user has accepted OBEX file transfers.The startup routines on Inqtana.B and Inqtana.C will most likely work also on OS X 10.3.Like Inqtana.A the .B and .C are locked to certain bluetooth addresses and are time limited to 24. February 2006, so they will not be able to replicate on any real environment and will work only in specially crafted lab. However it is possible that some virus author will create similar worms that are not intentionally limited, so please make sure that your OS X is up to date.

The importance of these isn’t that they’re likely to affect anyone in the wild (as F-Secure note, they won’t), but that it demonstrates the same pattern for OS X malware as Windows: one person writes, others create multiple variants.

A note for the trolls: F-Secure have no interest whatever in the Mac market. They don’t have a Mac product, and therefore it isn’t in their interests to “spread FUD” about the Mac.

This entry was posted in Macs. Bookmark the permalink.
  • StarX

    We Mac users, thought that there was a mechanism that prevented people from writing worm variants, thank you Mr. SmartGuy for telling us it’s not the case!

    Seriously do you see my point? Your article treats Mac users like a bunch of clueless babies… Of course hackers can write variants of a worm! Everyone can figure that out without your help.

    F-Secure may not have a Mac product, that doesn’t mean they are not biased. These guys work with Windows security and they were tired of hearing Mac users saying that there was zero worm on their platform.

    Just like you are biased…I’m sure you think otherwise, but tell me…

    Why didn’t you mention that both of these worms cannot affect any up-to-date version of OS X as this security hole was fixed 6 months ago?

    It goes to show that you didn’t care much about giving all the relevant fact, you only cared about getting your idea across:

    “Mac users are so dumb that they don’t believe a variant of a worm can be written!”

  • James Bailey

    The Inqtana worm is garbage. It is no threat. Even if a few users are still using 10.3.7 or 10.4.1 or something there aren’t enough to make any difference. Add to that you have to be within about 3 meters for this to work anyway and you have a dud of a worm.

    The real story today is the Safari vulnerability. You should write about that because it has the real potential to cause problems.

  • http://technovia.typepad.com Ian Betteridge

    StarX: Thanks for giving me an almost-dictionary quality definition of the phrase “Mac zealot”. Not quite sure why you’re claiming I didn’t mention that Inqtana can’t affect an up-to-date Mac, given that it’s in the quote from F-Secure. Perhaps the red mist in front of you eyes stopped you from reading.

    James: You’re right of course. As I pointed out, the interesting thing isn’t that anyone will be affected by Inqtana, but that it’s demonstrating the same pattern of write/rewrite as Windows malware. Where will this lead? Dunno – we’ll see. And thanks for the heads-up on the Safari issue – I’d actually been AFK for half a day! :)