Mac Hack Attack Exposed As A PR StuntMac Hack Attack Exposed As A PR Stunt

A McAfee security researcher Tuesday warned that a self-proclaimed Mac user had hacked and defaced two Mac fan sites for... excessive fandom.

A screen shot of the hack reads, "This site has been flagged for excessive Apple fanboism, and has been taken down for 24 hours." The image depicts a green Apple riddled with worms.

Take that, AppleMatters.com and iPhoneMatters.com.

"This is possibly the first time a hacker is targeting Mac-related Web sites," said McAfee security researcher Harish Garg in a blog post on Tuesday. "This is an interesting month for the Mac user base, with multiple Trojans/malware appearing, along with a horde of security updates from Apple itself. Things are definitely heating up in Mac Land!"

In fact, they are. Sunbelt Software Wednesday warned about a new version of TrojanDNSChanger that can affect either Windows or Mac users. And as Macs continue to gain market share, more Mac-specific hacks are widely expected.

But the AppleMatters.com hack turned out to be nothing of the sort and before Tuesday came to a close, founder, publisher, and editor-in-chief Hadley Stern was doing his best to dispel the suggestion that EllisLab's ExpressionEngine software, used to publish AppleMatters.com, might be vulnerable to attack.

"When I was first approached about the hoax I thought it was a little harmless fun," Stern said in a blog post on Tuesday. "I am literally shaking right now because I did not fully understand the impact of this, so lesson learnt. Again, Apple Matters, running on ExpressionEngine, was in no way hacked. It was a joke publicity stunt that I thought would be funny to attract attention."

Stern published a second apology on Wednesday and again tried to make it clear that ExpressionEngine isn't full of holes. "Too often in the Mac community we take ourselves way too seriously and the idea of participating in something other sites were already participating in seemed harmless," he said. "I wasn't doing it for traffic, or fame, just for fun. Of course, in the process I let down the readers of this site, and the Web hosting provider, and the maker of the excellent CMS the site uses."

Stern did not respond to a request for comment.

An apology posted by John Casasanta, who runs the MacHeist site, which was involved with the "hack," also stressed that AppleMatters.com's Web host and CMS software were in no way deficient. "We really hope that the people behind the 'hacked' sites, their hosting compaines, and the companies that create their content management systems aren't looked upon negatively by you all," he said in a forum post. "The intent of everyone wasn't malicious but just to have some fun."

Craig Schmugar, threat researcher at McAfee, noted that while security professionals wouldn't necessarily see a Web site defacement as a sign of shoddy software -- it might be the result of inept configuration -- a significant number of people might jump to that conclusion.

Asked whether the Mac community responds to news of security flaws differently from the PC community, Schmugar paused to consider his words carefully, perhaps pondering a deluge of angry e-mail. "There is a group of extreme Mac enthusiasts who are quick to be on the defensive," he said.

Mac users might benefit from a more defensive posture, now that malware authors are showing more interest in Apple's software and hardware. Pointing to the TrojanDNSChanger, Schmugar said, "The group that writes some of the most prevalent malware for PCs is now doing the same for Macs."