CircleID

Apple's Wordwide Developers Conference may have just ended, but already, the conference release of Mac's OS X 10.6—a beta build previewed for developers—has been leaked onto torrent sites. It borders on irony: for years, Mac lovers have touted the superior security of the Mac operating system over Windows, but earlier this year, it was torrent sites—the very sites where OS X 10.6 is now being freely copied—that caused more than 25,000 Mac users to fall victim to the iServices Trojan. Some Macs never learn.

As a reporter for CNET noted last year, he'd never spoken to a security researcher who "could think of an instance of a Mac running Mac OS X that had been exploited in the wild." Moreover, most didn't even think that viruses or worms targeting OS X specifically even existed. Mighty strong words, and Apple has played into the rhetoric about Mac's superior security with its advertising, particularly earlier this year as hype was building about the Conficker virus.

It may be that sense of security that led to complacence on the part of those who fell victim to the iServices Trojan horse earlier this year. But the Trojan wasn't spread by casual, careless Internet users who simply didn't realize that the Internet can be a dangerous place; it was traced to downloads from torrent sites of Apple's new iWork 09 software. In other words, it was circulated by Mac users—a group that skews tech savvy—who know how to set up a BitTorrent client, and seek out, find, and download pirated software online.

As one commentator noted, "Unfortunately, the idea of getting one over on a big corporation fuels a lot of file sharing, and malicious software authors bank on that."

Despite the best efforts of content producers to find new ways to deliver content online for the convenience of consumers—from movies and music to gaming and software—illegal trafficking of content on P2P networks remains a problem. Even as some content providers are seeing the advantages of using P2P as a legitimate method of content distribution—CNN, for example, used P2P to maximize the number of streams it could provide users on Inauguration Day—the vast majority of P2P traffic consists of the illegal transfer of copyrighted digital material: movies, television shows, music, software, books, and games.

In short, it is digital theft. But what the Mac users who fell victim to the iServices Trojan failed to realize is that sites that deal in stolen goods—that connect users to this pirated content—are, by their very nature, sites that attract cyber-criminals. Unfortunately, too few users of file-sharing software recognize that when in the company of thieves, they'd be well served to look out for other sorts of criminals as well.

By design, there is little oversight on the part of torrent tracking sites that direct users to content. That lack of central oversight gives site operators the cover they need to avoid even secondary liability for copyright infringement in many cases. But it also makes the torrent community a haven for cyber-criminals looking to distribute lucrative viruses, worms, Trojans and other malware through versions of popular movies, software, games, or other content. If it seems to good to be true that someone is offering you a free copy of iWork 09, well, it probably is.

A good rule of thumb: If it's true that there's no such thing as a free lunch, a free all-you-can-eat buffet—which is what torrent sites offer—is even less likely.

Of course these malware-infested versions of popular downloads—and the illegal trafficking of digital goods that distributes them—aren't the only kinds of net pollution. As McAffee security firm has reported, the global business cost of cybercrime in 2008 was a whopping $1 trillion. But unlike SPAM, phishing attacks, data breaches, and other online scams, Internet users can easily avoid torrent-spread Trojan horses like iServices by not seeking out stolen goods.

The nature of the iServices virus—a stowaway on pirated software—makes it a little difficult to muster up sympathy for the users whose computers were compromised, but unfortunately, they weren't the only victims. The malware was used, according to security firm Intego, for the nasty business of using botnets to coordinate distributed denial of service attacks on various websites. It's all the more disappointing to see that months later, Mac users are still jeopardizing OS X's reputation as a secure operating system—and jeopardizing the network—by pirating the very software that's supposed to protect them from online threats.

Fortunately, Apple has somewhat stemmed the potential for piracy of OS X 10.6 by offering it a relatively low price. As a commenter on the Pirate Bay noted, "Will seed until the end of time… or at least until I can pick it up in store. At $29, why the hell not." But the reality is that whether you're Mac or PC, hobbyist or expert, law-abider or seeder, no one is immune to the effects of cybercrime. Staying away from the torrent sites that make up the Internet's dark alleyway's however, is a pretty good way to minimize your exposure.

By M. Brooke Oberwetter, Communications Consultant, Arts+Labs. Visit the blog maintained by M. Brooke Oberwetter here.

Related topics: Cybercrime, P2P, Security