Mac security vendors received the proof-of-concept malware from the worm's creator in late April, Peter James, spokesman at Mac security firm Intego, told SCMagazineUS.com Tuesday.
He said the malware poses little threat and there have been no instances of it circulating in the wild. However, the worm does contain a feature rarely seen – the ability to run across multiple platforms. If the code were “cleaned up” and then circulated, it might be something to worry about, James said.
“The person wanted to show off,” James said. “We think that for now this person just wanted to prove that this is possible.”
Once executed, the malware renames itself “applesystem” or “systemupdate” and attempts to copy itself to system folders, according to an Intego security memo. The program then attempts to obtain email addresses from an infected user's address book and forward itself to other computers. In addition, it attempts to create a botnet, record keystrokes and copy itself to other disks on the computer.
Users likely will not encounter this worm because it attempts to forward itself using an inactive SMTP server, Graham Cluley, senior technology consultant at Sophos, told SCMagazineUS.com in an email. Also, though it attempts to spread to removable disks, it has not been successful in testing conducted by Sophos.
The main interest in this malware is the curiosity value, since it targets the Mac OS X platform, Cluley said.
“Presumably this is being caused by an increased popularity in Macs among the general public, combined with a general laissez-faire attitude among many Mac users to security compared to their Windows cousins,” he said.
Also, the malware was created in a way that could enable it to run on other platforms, James said. It was developed using REALBasic, a programming language available for Mac OS X, Windows or Linux that enables programmers to build applications on one platform for another.
“It's the first time we are seeing something that can run on multiple platforms,” James said. “A Java applet can run on multiple platforms, but that still depends on something in the system: Your having Java installed.”