Rootkit developed for Apple OS X
A security researcher has debuted a new proof-of-concept rootkit, the ultimate in malware, that works on Mac OS X, which may be a harbinger of bad things to come for Apple’s operating system.
Dino Dai Zovi, a well-known figure in the field of malware security, revealed his rootkit toolkit at the Black Hat security conference in Las Vegas this week. Dai Zovi, author of the book The Mac Hacker’s Handbook, could be considered the world’s leading authority on malware and Apple OS X. Together with a few other researchers, he has been working to dispel the common belief that OS X is much more resistant to malware than is Windows, according to an InformationWeek story.
A rootkit is the worst sort of malware. It is a software system that consists of a program or combination of several programs designed to hide or obscure the fact that a system has been compromised, and by which the target computer system may be controlled. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. Access to the hardware, e.g., the reset switch, is rarely required, as a rootkit is intended to seize control of the operating system and thus the computer.
Technically, Dai Zovi describes his rootkit proof-of-concept as follows: “Machiavelli consists of a Mach proxy server on the local controlling host and a number of remote agent servers that run on remote compromised hosts. On the controlling host, rootkit management utilities obtain a proxy Mach port from the proxy server and use it just as a normal application would use a local Mach port.”
At stake is whether or not the Mac is vulnerable to malware. Apple has long loudly proclaimed its superiority in this area, as compared to Microsoft Windows, especially in its advertising. Many agree that OS X, which is Unix-based, is a more secure system than Windows. However, detractors point out that hackers simply may not have expended the effort to invade Apple territory because it represents such a small part of the PC marketplace.
The proliferation of the Apple iPhone, which runs an operating system based on OS X, plus the increasing market share of Apple computers, could make Apple products a more attractive target for hackers. McAfee and Symantec are already rumored to be working on virus protection software for the Mac. This could usher in a whole new round of the sort of virus scares that have become common on Windows, but never before on the Mac.