A new adware program silently installs on Mac OS X systems and opens web browser windows, according to F-Secure.
The program, dubbed iAdware by the Finnish security company, is possibly the first example of adware for Macs. It is especially interesting since it doesn't require administrative privileges to nestle itself on the computers, according to F-Secure.
"We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user," according to the F-Secure blog on Thursday.
The program is a proof-of-concept sent to F-Secure and it is not out targeting users on the internet.
"In theory, this program could be silently installed to your user account and hooked to each application you use," according to the F-Secure blog. "This particular sample successfully launched the Mac's web browser when we used any of a number of applications."
Malicious software that targets Mac OS X systems is rare and has been limited largely to proof-of-concept code, instead of actual attacks. However, there are indications that hackers are increasingly targeting the Mac, which experts have said is not impervious to attacks.
For example, as part of a campaign called the Month of the Kernel Bugs, several new flaws have been disclosed in Apple software, the latest on Monday in the AppleTalk protocol. Last week, exploit code was released for another yet-to-be-fixed flaw in Mac OS X related to disk image structures.
Apple could not immediately be reached for comment.
Talkback
Let's not forget that anti-virus/spyware companies are going to try their damndest to convince Apple users that they need to buy their software.
This is hardly an adware program targeting OSX as the title suggests but rather an unverifiable piece of custom written code which seems to do little more than open a browser window.
Please please please ZDNET, stop being such a drama queen and report balanced Apple articles for a change!
You're only discrediting yourself amongst a growing community of users who know better.
It is proof of concept not a proven program in the wild doing real damage...
Keep the reporting realistic, as you're losing creditability.
Word of mouth of people who know, to people who don't, will make Zdnet security reports nothing more than tittle tattle..
As longmover said A/V companies have a market to protect and make money from... ;-)
:-/