Malware on Mac OS X
Marko Kostyrko, CEO - SubRosaSoft.com Inc
http://www.MacForensicsLab.com
February 29, 2008
Malware on Mac 2
Malware on Mac OS X

A white paper on the history and future of malware and how it can affect the Apple Mac OS X platform.

This document discusses the technologies used in malware. These include viruses, Trojans and worms. The specific intention is to bring forth detailed discussion on how this affects the Apple Mac OS X platform. The document outlines a potential framework for a Mac OS X malware suite. The document closes with recommendations on what Apple Inc. and users of Mac OS X can do to defend against such technology.

This paper was created to outline the results of research performed by the MacForensicsLab.com research and development team. These results are presented to the public in order to raise awareness of the situation and to prompt the relevant responsible parties to address the issues outlined within. The MacForensicsLab.com staff and SubRosaSoft.com Inc consider it important to bring such discussions out into the public and welcome all opportunities to discuss the paper on email@example.com.

Apple Inc., and all third parties discussed in this paper, do not endorse this content nor did they cooperate in the production of this paper. All trademarks contained within this paper remain the property of their respective owners with all rights reserved.

Copyright 2008 SubRosaSoft.com Inc., all rights are reserved.
Malware – The History And Future
Hacking – The Use Of A System Outside Of Its Design

In the early days of computing the term hacker was used to describe those with a deep understanding of the core functionalities that comprised a computer system. These hackers were able to apply this understanding to enable computers to perform in a manner which was previously unimaginable. Therefore, these hackers were a fundamental catalyst for the change and growth of modern computer systems and the Internet.
The term has been degraded over time to be generally limited to someone who targets system security and ways to get around it. In modern times it has come to include people using tools they did not produce in order to cause damage or nuisance to computer systems.

Academia – The Study And Creation Of Malware

The academic world of computer science has been at the forefront of the discussion and definition of malware since the first virus was discovered. Universities became perhaps the first victims of malware and consequently the first defenders against them. Some notable academics in the early days include:

1980 Jürgen Kraus, a computer science student at the University of Dortmund, wrote his master's thesis on Selbstreproduktion bei Programmen [Program Self-Reproduction]. This thesis is the first study to show that certain programs can display behavior similar to that of a biological virus.

1981-82 Joe Dellinger, a student at Texas A&M University, writes several self-reproducing programs for Apple II disks, naming them Virus 1, Virus 2 and Virus 3.

1981-82 Professor Len Adleman, of USC, employs the term virus to describe self-copying programs when discussing them with Fred Cohen, his computer science student.
Apple Computer Inc. had a very strong presence in the academic community throughout the early personal computing era. The use of the Apple platform in the development of malware is an extension of its overwhelming presence in the academic arena.

Hax0r – The Growth Of The Script Kiddy Generation

As home computer use grew, a new generation of hackers arose. These young hackers represented a fundamental change in ability, ideology and intent from their predecessors. The new generation of hackers is referred to as script kiddies. The name script kiddies is a descriptive term, popularized by the original hacking core, as a means to reflect their general disdain of the new generation’s lack of understanding of the core concepts of computing and their inability to create tools of their own.
An Apple User’s Perspective

Apple Computer Inc. was given the historic honor of being the first computer to bring virus technology into the home when Richard Skrenta wrote Elk Cloner in 1982. This program attached itself to the Apple DOS operating system of the time and spread via floppy disks.

[Figure 1 – The message shown on every 50th boot on disks infected by Elk Cloner]
Prior To The Mac

The story of the early years of Apple Computer Inc. and the relationship between the founders Steve Jobs and Steve Wozniak cannot easily be told without including hacking and underground technology. From the days of the BlueBox, a device designed to fool the telephone systems of AT&T into providing free long distance phone calls, through the creation of the first commercial home computer in a garage in what later became known as Silicon Valley, Apple Inc. and the modern high tech lifestyle we all enjoy today were founded by (so-called) old school hackers.

Figure 2 – This blue box, on display at the Computer History Museum was previously owned by co-founder of Apple Computer Inc. Steve Wozniak. Steve once used this to impersonate Henry Kissinger in a prank call to the Vatican City. The Pope was reportedly asleep.

Mac Classic

The Mac Classic operating system (any version prior to version 10, Mac OS X) enjoyed a long life and a wide user base from the initial release in 1984 to the first desktop version of Mac OS X in March of 2001. This operating system revolutionized the way we work with personal computers offering many of the user interface concepts taken for granted today.

During the lifetime of Mac OS Classic many varieties of malware were developed to take advantage of the user base including some very notorious viruses such as nVir in 1987. The nVir author(s) released the source code for their work resulting in a large proliferation of derivatives causing wide and varied effects in the field.

The widespread introduction of viruses for Mac OS at this time brought forth the corresponding large number of anti-malware tools that are still around today. These tools scan for code found within known viruses and eradicate them when found.

Apple Computer Inc. made changes to the operating system to stop some of the methods used by viruses on Mac. Perhaps the most notable change was to stop autorun, a technology still present on Microsoft Windows that will automatically execute programs when a disk is inserted.
Mac OS X

All successful, and most plausible, malware attacks on Mac OS X have occurred in the last 2 years with the last quarter of 2007 being particularly prolific.

The concept of the economy of scale has historically meant that malware authors have not previously considered the Mac a viable target. This protection is being eroded by the increase in size of the Mac user base.

Market penetration and overall sales of the Mac OS X system have directly mirrored development of malware, a phenomenon also demonstrated with other operating systems such as Microsoft Windows. Based on this data there is no reason to believe the trend will not continue as Apple continues to increase their market share.

“IDC analyst Chris Christiansen is warning Mac users of the growing threat. "That's an open door, at some point it will be exploited," Christiansen said. ’Most Mac users take security too lightly. In fact, most are quite proud of the fact that they don't run any security at all.’” (http://www.macnn.com/articles/07/12/31/mac.os.x.a.growing.target/)

“Apple users, your days of worry-free web surfing could be numbered. A Mac internet security and privacy software maker has discovered what is believed to be the first professionally crafted in-the-wild malware targeting the Mac Operating system.” (http://www.scmagazineus.com/Trojan-targets-Macusers/article/58290/?source=PSGL1SCM1001&gclid)
The Future

A Change In Culture

This century has seen significant changes in the hacking community with an overall trend away from the technology enthusiast to the organized crime rings committing mass fraud and global extortion on the global digital marketplace. This change in culture has brought with it many changes in focus for the modern malware author.
Theft

Malware is now being used to steal information, and thus property, from a user’s system. These types of attacks range from simply extracting the requisite personal information to assist in identity theft – to more complicated attacks known as phishing – whereby the malware pretends to be a trusted service such as a bank or service provider in order to steal from an external resource.

“Global Hackers Create a New Online Crime Economy” (http://www.cio.com/article/135500/)

DDOS – Distributed Denial Of Service

Organized crime groups are using malware in order to extort payment from system owners and operators. Large collections of infected systems can be used to cause servers and systems to become inoperable by flooding their connections with traffic, or by overwhelming a system's resources, thus cutting off desirable traffic.

“Bot armies capable of toppling big sites, some say” (http://www.msnbc.msn.com/id/6436834/)
The criminals use malware to convert innocent users’ systems into virtual soldiers in their army of computers. This is generally done without the user being aware they have joined into the network of bots. These armies are called bots, bot networks, or bot nets, and can sometimes number into the tens of thousands.

Global Cyber Terror

This century has seen the rise in state-funded cyberterrorism. There is now a very high potential for cyberterrorism to impact our economy and our society in ways that are difficult to define.

“A Gift from the Islamic Faithful Network – Mujahedeen Secrets 2 Program” (http://blogs.csoonline.com/node/590)
Malware – The Definition
Viruses

What Defines A Virus

A virus is a piece of software that attaches itself to another program (the host) then uses the ability of the host program to self-replicate.

Stephen Hawking once said that a virus should count officially as a form of life adding “I think it says something about human nature that the only new form of life we have created so far is purely destructive. We’ve created life in our own image.”
The name for this variety of malware is derived from the Latin word for toxin. The medical community defines a virus as an infectious agent that is unable to replicate or grow outside of a host cell.

How They Replicate

A computer virus will generally execute when the host program is executed. The first priority is to look for additional hosts and to copy itself into them. The second priority is often, but not always, to execute its payload. Payloads vary heavily from the harmless to full cyber terrorism and have historically included such functions as erasing the entire system, stealing personal information, or simply declaring their existence (digital graffiti).

Macs Are Vulnerable

The primary requirement of a virus is a host program into which it can write itself. The Mac OS X platform makes little or no effort to protect the main applications on the system (in fact, it actually makes it easy through the use of the bundle architecture, as discussed later).
Trojans

What Defines A Trojan

A Trojan, or more accurately “Trojan Horse”, is a piece of software that contains a hidden payload. The term 'Trojan horse' is generally attributed to Daniel Edwards of the NSA. He is given credit for identifying the attack form in the report "Computer Security Technology Planning Study".
The name for this variety of malware is derived from the Greek legend where Odysseus had a giant hollow wooden horse and hid his soldiers inside. The people of Troy believing it to be a gift brought the horse inside their city and their defenses.

What They Do

In computing terms the concept is identical to the legend. The malware is able to enter the user's system and bypass security measures by pretending to be something the user wants. Once the user executes the malware on their computer the hidden payload can perform the function desired by the malware author.

Macs Are Vulnerable

The definition of a Trojan makes defense very difficult. The weakness in any system defense starts with the user and a Trojan defines its attack by exploiting that weakness.

Early versions of Mac OS X had little or no protection against a Trojan attack. The effect a Trojan could have on the system was limited to the user’s data and the applications installed on that computer.
OS X 10.5 Leopard introduces new sandboxing technology to show a dialog box to the user before running any new program downloaded from the Internet. Software downloaded from the Internet, both from the mail and from browser applications, is marked as suspicious and will not be executed until the user clicks on a confirmation dialog box to explicitly allow it to run.

SubRosaSoft.com Inc. extended this paradigm to sandbox all applications, not just ones downloaded from the internet.

Other commercial software vendors (such as Symantec, McAfee, and Intego) offer varying technologies to assist in this area. More information can be found at the companies’ respective web addresses:

Intego Virus Barrier for Mac (http://www.intego.com)
McAfee VirusScan for Mac (http://shop.mcafee.com)
Norton AntiVirus for Mac (http://shop.symantecstore.com)
SubRosaSoft FileDefense (http://www.SubRosaSoft.com)
Computer Worms

What Defines A Computer Worm

A computer worm is similar to a virus in that it is self-replicating, but different in that it does not require a host program to exist.

The first computer worm was defined and produced by researchers Jon A. Hupp and John F. Shoch at Xerox PARC in 1978. The worm was created to search a network to find idle processors so that they could share the processing load of large operations across an entire network, but was “self-limited” to their own network to avoid accidental global expansion.
What They Do

As with other forms of malware the worm matches many of the characteristics of its biological equivalent. A worm will work its way through a network of computers and resources leaving a copy of itself wherever possible to assist in the dissemination process.

Macs Are Vulnerable

When combined with Trojan and virus technologies worms can infect entire Mac OS X networks. For example if an initial victim is attacked using a Trojan which infects them with a virus that reproduces the worms throughout their system. These worms, when executed by automated or viral functions, can be used to reinitiate the Trojan attack on other users’ Mac OS X Address Book, and the unprotected Applications folder, thus threatening the entire network.
Malware – How It Can Affect Mac OS X

The Situation

The current Apple Mac OS X environment has some strengths and weaknesses. It has become an abnormally biased situation in that the strengths are very strong and the weaknesses are becoming increasingly obvious.
The Problems

Complacency

Users of Apple Mac OS X have been encouraged by media advertising to believe their systems have never been exposed to malware. This culture has grown to a point where many users believe their systems are invulnerable to malware and always will be.
“I run Mac OS 10 so I don’t have to worry about spyware and viruses” (Apple, Inc., Television Advertisement http://movies.apple.com/movies/us/apple/getamac/trustmac_480x376.mov)

Common attitudes behind this complacency include:
i) You need a system pass to infect my Mac.
ii) There are no malware problems on a Mac.
iii) Macs are immune to malware.

The result of these ill-founded beliefs is a complacency that seriously compromises the ability of the user to make informed decisions when dealing with a malware threat. This complacency can potentially nullify the effectiveness of the new sandboxing technology in OS X 10.5 Leopard.

Hidden Extensions

A file extension is designed to tell the system and the user what kind of file they are dealing with. Some examples of system extensions are .exe (a Windows executable program), .jpg (a common digital photo format), and .app (a Mac OS X executable bundle).

Both Microsoft Windows and Mac OS X offer the ability to hide the extension from the user. This is often used to disguise the true nature of a file from the user. If this hiding is combined with a less technically-oriented user (the majority of all users) then a Trojan can exploit this to hide its own true nature.
The Bundle Architecture

What It Is

Applications on the Mac OS X system are structured using an architecture called a “bundle”. A bundle is a special folder that pretends to be a single file. The advantage of this, for programmers, is that it allows multiple resources to be contained in one single folder that is, from the users’ perspective, indivisible. It should be noted at this point that Apple Inc. also uses the bundle format for many of their pro tools to save documents.
Programmers use these special folders to allow certain resources to be treated as part of the program without the risk of those being separated from the main executable code of a program. Some examples are:
i) Multiple executables for different platforms such as Classic Mac OS, PowerPC or Intel-based computers.
ii) Multiple language files so that a single copy of the application bundle can be used in different countries and appear in the native language of that country.
iii) Graphics, buttons, and media resources used within the application.
iv) Help files, manuals, etc.
A user is presented with an object that looks like (for example):

[figure 3 – iTunes.app as it appears to the user]

The underlying bundle appears to the operating system as follows:

[figure 4 – iTunes.app as it appears to the operating system]
How This Assists Malware

The structure of the bundle architecture makes it easier to piggyback executable code within an existing trusted application by simply renaming the existing executable iTunes found in the MacOS subfolder and inserting a second executable into the MacOS folder with the original’s executable name. When the user executes the bundle (in this case iTunes.app) the virus code would execute instead. The virus would then launch the renamed iTunes executable so that the user would not be aware they had run the wrong program.

This technology makes the process of creating a virus easier since the bundle architecture greatly assists the process of installing multiple executables into one “program”. Reproduction is greatly simplified since the same architecture is used on most OS X applications.

Mac OS X also makes use of the bundle architecture for storage of user documents in many modern applications such as iMovie, iDVD, and the many pro tools. These bundles typically have their file extension marked invisible so it is possible to disguise an executable program as a data “file” for such a tool. These bundles can open both their own malware code as well as the desired real application whilst conserving the look and feel of the real data.
Unprotected Application Folder

What It Is

Traditional UNIX systems protect their key executables by using file permissions and storing them inside protected folders (such as /usr/bin). Mac OS X systems maintain their operating system files in the same protected method that traditional UNIX systems use.

The programs (commonly known as Applications) that a user relies upon and considers part of their system such as iTunes, iChat, Keynote, etc. are stored unprotected inside a folder called “/Applications”. Any program running on a Mac OS X system can write to this folder and to most of the contents therein.

How This Assists Malware

Most common applications running on your Mac can be modified, either by replacing the core executable of that program or adding piggyback executables (viruses) without leaving an obvious trace due to the nature of the bundle architecture.
Centralized Open Address Book

What It Is

A Mac OS X user enjoys the convenience of the Address Book. This centralized database keeps track of all other contacts the user communicates with including their instant messaging addresses, email addresses, phone numbers, physical addresses, etc.

The database is open to access from all programs running on the Mac OS X computer. Programs running on the Mac OS X system can read, write and delete addresses from this database at will.

Side note: Addresses that are deleted are not actually removed from the database. Instead they are marked for deletion so that the computer can notify other devices such as cellphones, iPods, and PDAs that the user wants that address deleted.
How This Assists Malware

The worm known as “ILOVEYOU”, the “Love Bug worm”, or “VBS/Loveletter” started arriving in email boxes with an attachment “LOVE-LETTER-FOR-YOU.TXT.vbs” on May 4th, 2000. This worm spread itself by interrogating users’ contacts and emailing copies of itself to everyone it found. On its journey it is estimated that it infected 10% of all internet-connected personal computers and caused more than 5 billion dollars in damage.

The “ILOVEYOU” worm only infected computers running Microsoft Windows but the mechanisms for dissemination exist on Mac OS X:
i) A user base believing themselves safe
ii) Available open database of contacts
iii) Ability to write to the Applications

Microsoft implemented a user-controlled system that sandboxes new applications and warns users they are about to run a new application. Apple recently introduced similar technology. It should be noted however that the user is already complicit with the operation at this point so should not be considered a reliable security measure.
Anatomy Of A Mac OS X Malware Suite

Purpose

For the purposes of this discussion this section will be limited to descriptions of malware that does not have a “payload”. No attempt will be made to damage a user's system or gain any resources. All technologies will focus on the delivery mechanism that could be used to attack Mac OS X (and other) users.

The aim and purpose here is to outline how a suite might work so that recommendations can be received on how to stop such a suite from being successful. The reader is invited to contact Apple Inc., and/or SubRosaSoft.com Inc. with suggestions.
” (Virgil. Whatever it is. Aeneid. Book 2. I fear the Greeks even when they bring gifts. Primary consideration in the production of a Trojan horse would be placed on making the user want to accept the Trojan. needed to create a gift the defending leader would voluntarily accept inside the city defenses. The attacking leader. Trojans. Realizing the men of troy revered the horse he had a mighty wooden horse made large enough to allow his soldiers to hide inside it and left it at the gate of the city. First the infection should distance the author from the first wave victims while simultaneously making that first infection as wide as possible. Foe’s gifts are no gifts: profit bring they none” (Sophocles 496 – 406 BC. The Latin epic poem “The Aeneid”  describes events between the time of “Homer’s Iliad” and “Homer’s Odyssey” surrounding the Trojan War. Ajax) . “Do not trust the horse. Odysseus.The Trojan Attack For a successful infection there would be two goals required by the malware author. circa 19 BC) “Naught from the Greeks towards me hath sped well. This legendary war between the cities of Sparta and Troy had resulted in a deadlock whereby the defenses of the city were equal to the challenge of the attacking army. So now I find that ancient proverb true.Malware on Mac 34 Initial infection (First Wave) .
In computing terms this same ruse would be used. In keeping with the primary consideration of this step a malware author would leverage public popularity of fashionable technologies of the time, make a small but helpful enhancement for that technology, and then distribute that tool for free. For example, a small freeware utility that assists in the management of SMS text messages on an iPhone.

The creation of a helpful freeware tool containing a version of a virus that will infect once then lie dormant until a later date can be hosted on a public site then advertised using one of the many freeware distribution sites such as http://www.Downloads.com or http://www.VersionTracker.com.

The malware author’s intent is not to fully disseminate the malware suite but to get a wide enough secondary infection wave ready on a time-delayed basis. The virus contained within this Trojan would infect only the system where the Trojan was executed and make a copy of the virus component into all of the unprotected application bundles on that system. This virus would then sit in a dormant state, execute then quit without further action, until a predetermined later date. This methodology follows the concept of the “sleeper cell” as defined in the Al Qaeda training manual.
The malware author would ensure that once the Trojan has completed its own initial infection that the Trojan application itself self-inoculates to cover the source of the second (main) deployment wave. At this point the number of suspect applications has been greatly increased while simultaneously removing base suspicion from the originating Trojan. Many of the newly infected applications (hereinafter called the second wave Trojans) are, in fact, commonly trusted applications such as the Apple tools and third-party tools found on most computers.

Before the main wave of attack is initiated the author should repost and allow for dissemination of a vaccinated version of the Trojan.

Reproduction (Second Wave)

The malware author’s goal for the second wave is to greatly increase the number of infections. This wave would be repeated on a fixed schedule until the desired infection ratios have been achieved and the desired payload can be implemented.

This attack infrastructure delivers a ready supply chain for the second wave in much the same way as the Ho Chi Minh Trail provided for the North Vietnamese. It does so by forming a relatively complex web of available infection points that the malware author can control. It also provides for a significant level of overlap and duplication should any one conduit be closed.
The second wave would not proceed until sufficient time has passed from the first wave. This time could be determined remotely by having the virus check an online source for a code to proceed. This approach would give the most flexibility, but also offers the highest risk of discovery. Checking system date and time and waiting for a predetermined moment could also determine this time. This approach would give the most protection from discovery, but also offers the least flexibility.

The malware author would use the users’ data to prepare ammunition for the second wave. This would contain packages made from their own data that are disguised using the bundle architecture. It might also contain sample programs from the users’ machines that are determined to be small freeware downloads newly infected by the malware code. Because these payloads are prepared on the users’ own machines they would not trigger the sandbox protection code found in OS X 10.5 when executed on the users’ machines.

Now that the malware author is sufficiently distanced from the second wave Trojans, the primary consideration moves to mass production of malware. Traditionally this was achieved by at least two separate methods.
i) The Virus Approach – The malware should look for attached devices and network volumes and infect every available application bundle with its own code.
ii) The Worm Approach – The malware should send copies of itself to as many available recipients as possible.

In this case the malware author uses both methods together and separately for maximum effect.
The virus approach would cause the malware to immediately deploy copies of the pre-prepared payloads onto any removable media or network storage device.

The first application to trigger itself would make use of the open address book database to find potential candidates to send a copy of itself to. Special attention would be made to indicators that the potential recipient is a Mac user such as the content of the headers for incoming emails in the victim’s inbox. The malware author would benefit from the inherent trust of the secondary wave victim for the first wave victim.

This final dissemination would be done in such a way so as to temporarily self-inoculate the application responsible and to carefully feed the outgoing mail to stop from flooding the victim’s connection and alerting them. Alternatively it might be done in a massive full frontal attack in the manner performed by the ILOVEYOU virus. This remains the prerogative of the malware author.

What has been discussed in this section of the document covers the three main definitions of malware and documents how each can apply to Mac OS X.
i) The Trojan Attack – Pretending to be a gift while hiding an intruder
ii) The Computer Virus – Self replicating programs dependent on a host
iii) Digital Worms – Producing and disseminating copies directly without a host.

It is in no way intended as a manual on how to create such a suite of malware technologies. It is this author’s hope that this will open learned discussion of the topic, and our responsibility as an industry, to defend against.

SubRosaSoft.com Inc. would like to take this opportunity to point out that the dissemination of malware is not only immoral, but also illegal. Please refer to Title 18 U.S.C. § 1030 “Fraud and related activity in connection with computers” for more information.
Recommendations

For Apple, Inc.

Control The Bundle Architecture

Apple might consider implementing a mechanism whereby a bundle cannot contain more than one executable for any given “Contents” subfolder. This would reduce the ability of malware authors to piggyback their code inside an otherwise legitimate bundle.

Apple may also wish to discuss disallowing multiple extensions inside a .app bundle. This would reduce the ability of malware authors to disguise executable bundles as data files for their pro tools.
Control Access To The Address Book

This paper recommends Apple should contemplate a similar system to the keychain whereby the address book can be locked/unlocked and access to the address book can be restricted to certain applications.

Control Write Access To The Applications Folder And Subfolders Found Therein

Apple may think about making it the default behavior for the system to require admin access to write to this very important folder. Furthermore Apple should make an interface that is easy, obvious, and non-technical to turn this access control on or off.

Extend The OS X 10.5 Leopard Sand Box Concept

Apple might consider extending the built-in security functions found in OS X 10.5 to include executable code that is created locally rather than the current restriction to downloaded content only. This would slow down the reproduction of code that has already been authorized by the user.
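The bundle and Applications-folder recommendations above, and the piggyback scenario in the earlier "How This Assists Malware" passage, can be checked from the defender's side today. The following is an added example, not code from this paper or from Apple: a Python audit that flags bundles with more than one executable in Contents/MacOS, a declared executable that is missing, stacked extensions in the bundle name, and group/other write access. It assumes each bundle's Info.plist names its main executable in the CFBundleExecutable key; the sample bundles, their names and the finding codes are constructed for illustration.

```python
import os
import plistlib
import stat
import tempfile
from pathlib import Path

# Document-style extensions that should not precede ".app" in a bundle name
# (assumed list for illustration; extend it for your environment).
DOC_EXTENSIONS = {".jpg", ".png", ".pdf", ".txt", ".mov", ".mp3", ".doc"}
WRITE_GROUP_OTHER = stat.S_IWGRP | stat.S_IWOTH


def audit_bundle(bundle):
    """Return a sorted list of finding codes for one .app bundle."""
    findings = set()
    macos = bundle / "Contents" / "MacOS"
    info = bundle / "Contents" / "Info.plist"

    # 1. Name check: "Holiday.jpg.app" displays as "Holiday.jpg" when the
    #    final extension is hidden from the user.
    inner = [s.lower() for s in bundle.suffixes[:-1]]
    if any(s in DOC_EXTENSIONS for s in inner):
        findings.add("stacked-extension")

    # 2. Which executable does the bundle declare as its entry point?
    declared = None
    try:
        with info.open("rb") as fh:
            declared = plistlib.load(fh).get("CFBundleExecutable")
    except Exception:
        findings.add("info-plist-unreadable")

    # 3. Executable files actually present in Contents/MacOS.
    present = []
    if macos.is_dir():
        for entry in sorted(macos.iterdir()):
            if entry.is_file() and entry.stat().st_mode & 0o111:
                present.append(entry)
    names = [p.name for p in present]
    # Legitimate bundles sometimes ship helper tools here, so this is a
    # lead for review (compare against a known-good copy), not a verdict.
    if len(names) > 1:
        findings.add("multiple-executables")
    if declared is not None and declared not in names:
        findings.add("declared-executable-missing")

    # 4. Write access: anything a non-owner can modify can be swapped out.
    for path in [bundle, macos, *present]:
        if path.exists() and path.stat().st_mode & WRITE_GROUP_OTHER:
            findings.add("writable-by-group-or-other")
    return sorted(findings)


def audit_tree(root):
    """Audit every *.app directory directly under root."""
    return {b.name: audit_bundle(b) for b in sorted(root.iterdir())
            if b.is_dir() and b.suffix.lower() == ".app"}


def _make_bundle(root, name, declared, executables, dir_mode=0o755):
    """Build a constructed sample bundle containing placeholder files only."""
    macos = root / name / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    with (macos.parent / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleExecutable": declared}, fh)
    for exe in executables:
        (macos / exe).write_bytes(b"placeholder, not a real binary\n")
        os.chmod(macos / exe, 0o755)
    for directory in (root / name, macos.parent, macos):
        os.chmod(directory, dir_mode)


def run_demo():
    """Audit three constructed bundles in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _make_bundle(root, "Clean.app", "Clean", ["Clean"])
        _make_bundle(root, "Player.app", "Player", ["Player", "Player_orig"])
        _make_bundle(root, "Photo.jpg.app", "Viewer", ["Viewer"],
                     dir_mode=0o775)
        return audit_tree(root)


if __name__ == "__main__":
    for bundle_name, result in run_demo().items():
        print(bundle_name, result or "ok")
```

To audit a real system, call audit_tree(Path("/Applications")) and review each flagged bundle against a freshly installed copy.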
intego. Some of the tools to consider include: Intego Virus Barrier for Mac– http://www. Install and utilize third-party utilities to monitor for malware activity.mcafee.Malware on Mac 42 For Mac OS X users Read the security guidelines from Apple Inc.com SubRosaSoft FileDefense – http://www.com Norton AntiVirus for Mac – http://shop.com .com MacAffee VirusScan for Mac – http://shop.apple. Care should be made to avoid programs that specifically rely on scans for known malware as these tools do not offer protection until it is potentially too late.symantecstore.com/macosx/pdf/MacOSX_Leopard_Security_TB.SubRosaSoft. found at http://images.pdf Carefully determine the validity and source of any executables you wish to install and run on your Mac OS X computer.
References

Jesdanun, Anick. Computer Viruses Turn 25. http://findarticles.com/p/articles/mi_qn4176/is_20070903/ai_n19519520/print

Anderson, James P. (1972). Computer Security Technology Planning Study.

Wozniak, S. G.; Smith, G. (2006). iWoz: From Computer Geek to Cult Icon: How I Invented the Personal Computer, Co-Founded Apple, and Had Fun Doing It. W. W. Norton & Company. ISBN 0-393-06143-4.

Hawking, Professor Stephen W. (1994). The Cambridge Lectures.

Virgil. (19 B.C.). Aeneid, Book 2. Translated by John Dryden. Retrieved November 17, 2007. http://classics.mit.edu/Virgil/aeneid.html

US Southern District Court, US New York City Attorney’s Office. Al-Qaeda training manual, entered as evidence in Africa embassy bombings. http://www.fas.org/irp/world/para/aqmanual.pdf

Decision Support Systems, Inc. (2001). Hunting the sleepers. http://www.metatempo.com/huntingthesleepers.pdf

Prados, John. (1998). The Blood Road: The Ho Chi Minh Trail and the Vietnam War. New York: John Wiley and Sons.

Cert Advisory. (2000). CA-2000-04 Love Letter Worm. http://www.cert.org/advisories/CA2000-04.html

The Honeypot Project & Research Alliance. (2005). Know your Enemy: Tracking Botnets. Using honeynets to learn more about Bots. http://www.honeynet.org/papers/bots/

Cornell University Law School, Legal Information Institute. US Code: Title 18 > Part I > Chapter 47 > § 1030. Fraud and related activity in connection with computers. http://www4.law.cornell.edu/uscode/18/1030.html