Original URL: http://www.theregister.co.uk/2007/07/19/mac_worm_farce/
'Mac worm' hacker in death threat farce
Much ado about malware
Posted in Security, 19th July 2007 13:49 GMT
Claims by an anonymous author that he was paid to create a worm targeting Mac OS X systems are turning into a soap opera-style farce. Infosec Sellout said his 'Rape-OSX' worm uses an undisclosed vulnerability in the mDNSResponder component of Mac OS X to spread.
Low-threat malware targeting Mac OS X systems is unusual, but far from unprecedented. Claims that the supposed author of the worm is being paid to create proof-of-concept malware lack credibility or rationale, aside from creating mischief.
The original 15 July post on Infosec Sellout's blog, which has since been stripped of detail, said: "I wrote this for my own purposes and it will be demonstrated to those who asked me to engage in this work. Yes, I am being compensated for this (Hi, Joanna)."
The information security community is a small, almost exclusively male clique. The only Joanna of note is Joanna Rutkowska, founder of Invisible Things Lab, a noted security researcher who developed the Blue Pill rootkit to illustrate the security shortcoming of Windows Vista's anti-malware defences.
Rutkowska told (http://www.eweek.com/article2/0,1759,2160257,00.asp?kc=EWRSS03119TX1K0000594) eWeek that she doesn't know Infosec Sellout and certainly hasn't paid anybody to write worms.
Infosec Sellout was "identified (http://www.cutawaysecurity.com/blog/archives/16)" as LMH, someone associated with the Phrack High Council (PHC), on Cutaway Security's blog on 17 July, based on an anonymous chat-room conversation. PHC aims to cause grief to responsible white-hat hackers.
Whether this is true or not remains unclear, but soon after this, Infosec Sellout's blog was "hacked", renamed "Security Information (http://infosecsellout.blogspot.com)", and stripped of almost all its posts. One of the two posts left on the blog provides a link to information on the alleged worm, but none of the detail of the original post.
IDG reports (http://www.pcworld.idg.com.au/index.php/id;737532235) that death threats were posted on the blog prior to the hack, adding further spice to an already heady mix.
Rape-OSX is looking more and more a work of mischief rather than mayhem. Perhaps we should thank Infosec Sellout for enlivening an otherwise dull week in information security with his gonzo-style pranks? ®
