Renepo worms in on OS X

A new worm known as Renepo is turning off firewalls and other security measures built into Mac OS X.

"Renepo makes such a wide range of security-related changes that all security bets are off once you have been compromised," said Paul Ducklin, Asia Pacific head of technology at anti-virus, anti-spam vendor, Sophos.

The worm can render an infected machine vulnerable to subsequent attacks by disabling security software, downloading hacking tools and making key system directories world-writeable.

"Because Renepo attempts to harvest user, configuration and password data for a wide range of applications, including FTP servers, web servers, browsers, the VNC remote control program and the operating system itself, it represents a huge security headache rolled into a single shell script," Ducklin said.

Renepo's ability to spread is limited as it only replicates across network shares. However Ducklin warned, "You do not want this thing in your OS X network."

The worm has yet to be reported in the wild. Ducklin said there is no immediate danger but suggests that it be a warning for Mac users.

"Hopefully, its existence will be a timely warning to any Mac users who still assume they are safe because the bad guys aren't interested in the Mac platform."