Leander Kahney has written a column on the latest spate of Mac malware scares, and generally – correctly – sums them up as “a load of crap”. People like me are interested in them because they’re novel, and because they (correctly) put to bed the idea that the Mac is somehow completely immune from malware (and yes, I have seen this argued).
However, I’m going to take Leander to task over one thing: his apparently lack of belief in the power of social engineering.
The Leap-A malware was a poorly-programmed Trojan horse that relied on “social engineering,” or trickery to perform its nasty function. There’s a simple way to protect against this kind of threat — common sense — and in testament to this, a lot of people didn’t fall for it.
I’m not going to catch a virus this way any more than I’m going to send money to the honorable Dr. Mobuntu, head of the Central Bank of Nigeria.
Perhaps Leander ought to go read this page of stories about people who have been caught out by the “419 Nigeria” scam. Or perhaps he ought to look at the list of the most commonly reported Windows infections, all of which rely on fooling people into opening attachments. Malware writers use social engineering because social engineering works. With probably around 900 million PCs in use in the world, the majority of which run Windows, all you need is one in 10,000 people to be suckers to make an awful lot of money – or, if you’re seeding malware infect an awful lot of machines.