updated 05:05 pm EST, Fri February 17, 2006
Symantec protects OS X
Symantec's Security Response Team has confirmed the second Mac OS X worm, noted earlier today by MacNN. Identified as a new "proof-of-concept" worm, OSX.Inqtana.A targets Mac OS X users; Symantec currently categorizes the new worm as a Level 1 threat (on a scale of 1 to 5, with 5 being most severe) and says that the worm spreads through the previously indentified (and corrected) BlueTooth Directory Traversal Vulnerability in Mac OS X. “We have speculated that attackers would turn their attention to other platforms, and two back-to-back examples of malicious code targeting Macintosh OS X this week illustrates this emerging trend,” said Vincent Weafer, senior director at Symantec Security Response. Information about the new worm was posted by security firm F-Secure.
The company said that the OSX.Inqtana.A worm attempts to use Bluetooth connections to spread itself by searching for other Bluetooth-enabled devices that will accept requests once the computer is restarted. If a Bluetooth connection is found, the worm attempts to send itself to those remote computers as well. However, OSX.Inqtana.A attempts to spread by using a time limited demo version of the Avetana library, which is bound to a Bluetooth address, according to a statement from Symantec. Because of this, the worm may not be able to spread successfully.
“While this particular worm is not fully functional, the source code could be easily modified by a future attacker to do damage,” added Weafer. “Macintosh users should be diligent about installing patches to their operating systems as this will prevent attacks of this type.”
Symantec said that it has released new definitions to protect against OSX.Inqtana.A.