More Mac OS X Malware surfaces

F-Secure notes that it’s discovered the second piece of Mac OS X malware in as many days.

OSX/Inqtana.A is a Java-based worm that spreads over Bluetooth by exploiting a vulnerability that Apple has already patched, so a Mac that is up to date with its security updates is not exposed. This is a common pattern in the Windows malware world, where a round of patches is often followed by malware that tries to exploit systems that have not yet applied them; the patch itself tells malware authors where the hole is.

As F-Secure notes, this is unlikely to be a serious threat to Mac users. Not only does it exploit a hole that has already been patched, it has also been written to stop working after 24 February, and there is no indication that the author has made any serious attempt to seed it into the wild. However, the fact that it has emerged so soon after OSX/Leap.A is a worrying sign that more than one person is writing malware for Mac OS X, using proof-of-concept code like Inqtana and Leap to learn how the platform works.

I expect more malware to emerge over the next few months as authors take this existing code and improve on it, probably adding malicious payloads too. However, I also expect it to be far less serious on the Mac than on Windows, not because OS X is inherently harder to attack, but because of what is often called "security through obscurity": the Mac is a minority platform, and that alone makes self-replicating malware harder to spread.

Take, for example, the most common method of malware transmission: sending copies to email addresses harvested from an infected machine's address book. There is nothing in OS X to prevent this (in fact, Apple makes harvesting addresses easier than it is on Windows). But the average Mac user's address book probably contains no more than 10% Mac users, so each copy sent has only about a 10% chance of reaching a machine it can infect. A worm keeps spreading only if each infection leads, on average, to more than one new infection, and cutting the pool of viable targets to a tenth cuts that figure by the same factor. That alone makes it much harder to spread effectively.
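To make the "10% of the address book" argument concrete, here is a small branching-process model of an address-book email worm. This is an added illustration written for this page, not code from the post or from either worm; the address-book size, the share of Mac users and the rate at which recipients open the attachment are all assumed values chosen to show the effect, and the simulation is seeded so it runs the same way every time.

```python
"""Branching-process model of an address-book e-mail worm.

Added example (not from the original post). All parameters are assumptions:
  book_size    - addresses harvested from each infected host's address book
  target_share - fraction of those addresses that run the targeted platform
  open_rate    - probability that a targeted recipient opens the attachment

The point it demonstrates: the expected number of new infections per
infected host (R) scales linearly with target_share, and once R < 1 the
outbreak dies out on its own instead of growing.
"""
import random


def reproduction_number(book_size: int, target_share: float, open_rate: float) -> float:
    """Expected new infections caused by one infected host (R).

    Every harvested address receives a copy, but only addresses on the
    targeted platform can be infected, and only if the attachment is opened.
    """
    return book_size * target_share * open_rate


def simulate_outbreak(population: int, target_share: float, book_size: int,
                      open_rate: float, seed: int = 0, max_generations: int = 50):
    """Seeded generation-by-generation simulation of the worm.

    Hosts are numbered 0..population-1; the first round(population*target_share)
    of them run the targeted platform. Each infected host mails book_size
    distinct random contacts (its harvested address book). A targeted contact
    that is not yet infected becomes infected with probability open_rate.

    Returns (total_hosts_infected, generations_that_produced_new_infections).
    """
    rng = random.Random(seed)
    targets = set(range(round(population * target_share)))
    if not targets:
        # Nobody runs the platform, so there is no patient zero to infect.
        return 0, 0
    infected = {0}            # patient zero is host 0, always a target
    frontier = [0]            # hosts infected in the previous generation
    generations = 0
    while frontier and generations < max_generations:
        new = []
        for _host in frontier:
            contacts = rng.sample(range(population), min(book_size, population))
            for c in contacts:
                if c in targets and c not in infected and rng.random() < open_rate:
                    infected.add(c)
                    new.append(c)
        frontier = new
        if new:
            generations += 1
    return len(infected), generations


def compare_platform_shares(book_size: int = 20, open_rate: float = 0.3):
    """R for a 10% target share versus a 90% share, same worm, same users."""
    return {
        "mac_10pct": reproduction_number(book_size, 0.10, open_rate),
        "windows_90pct": reproduction_number(book_size, 0.90, open_rate),
    }


if __name__ == "__main__":
    for name, r in compare_platform_shares().items():
        print(f"{name}: R = {r:.2f} ({'grows' if r > 1 else 'dies out'})")
    for share in (0.10, 0.90):
        total, gens = simulate_outbreak(1000, share, book_size=20, open_rate=0.3)
        print(f"target share {share:.0%}: {total} hosts infected over {gens} generations")
```

With a 20-entry address book and a 30% open rate, the 90% share gives R = 5.4 and the outbreak explodes through the targeted hosts, while the 10% share gives R = 0.6 and the same worm fizzles after a handful of infections. The simulation also depletes targets as they are infected, which is why even the large outbreak eventually stops.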