January 27, 2009, 12:33 AM — In the past few days, Mac users have been struck by two different, but related, kinds of malware. The sinister packages are downloaded along with torrents of iWork '09 and Adobe CS4 and, like most malware, once installed they call back to a central computer and await instructions (presumably to start participating in a botnet).
Many are getting worked up about this because it represents the first true piece of Mac malware that isn't just a proof of concept. But it's important to keep in mind that this isn't a worm or a virus that you can contract just by clicking on a link or opening an email; it's a trojan, which means that you have to be tricked into downloading it and agreeing to give it administrator access. The particular way this trojan tricks you into doing so is rather neat: it piggybacks on installers for the aforementioned pirated software. People are used to giving software installers admin access, but then, most people don't get their software from sketchy warez sites.
The thing about classic scams, as anyone who's watched a David Mamet movie knows, is that they rely on the greed of the scamee. Thus, the Nigerian 419 scam only works if the victim believes he or she is about to come into some ill-gotten loot. These Mac trojans follow the same principle. Still, it's easy to be smug: I know that I've downloaded and installed applications from the Internet (giving my admin password in the process) that I discovered only after a few minutes of Google searching for a tool that serves a particular purpose that I need. Sure, the Web sites they came from looked slick and professional, but that's not exactly hard to fake. This is a wake-up call to be more diligent about what exactly we're installing on our Macs.