ZDNet.com

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine.

The variants have been found inside bogus copies of iWork ’09 and Adobe Photoshop CS4 which were shared on the popular p2p torrent network. The author of the malware downloaded the original/trial versions of each program and introduced a copy of the malicious binary into the packages. Users who then downloaded and installed the applications from the torrent download would have been infected. It is estimated that thousands of people have downloaded the infected torrent files.

They describe this as the “first real attempt to create a Mac botnet” and note that the zombie Macs are already being used for nefarious purposes.

It was just a matter of time.




  1. dm says:

    Don’t download pirated software.

  2. cvquesty says:

    I have to agree.

    If you download something to your own system, and then run said thing and it compromises the security of your system and becomes a zombie for someone’s botnet, you deserve absolutely everything you get.

    Don’t download pirated software.

  3. Angel H. Wong says:

    If you can afford a Mac, why are you downloading pirated software?

  4. MikieV says:

    Anti-virus software can protect against almost anything except user stupidity…

  5. Bob says:

    Exactly. I’ve seen Windows people jumping up and down screaming, “finally, Macs are vulnerable to viruses too!”. What they don’t realize is that, on a Mac, you have to steal a bad copy of software in order to get one, whereas a Windows machine needs to only be powered on.

  6. spinnyd says:

    [Comment deleted – Violation of Posting Guidelines. – ed.]

  7. KwadGuy says:

    When you hear something like this, and if you were a conspiracy kind of person, you’d immediately wonder

    A) Did Microsoft engineer this? 🙂
    B) Did Symantec/McAfee engineer this?
    C) Did Apple engineer this?

    All three entities would stand to benefit from news like this.

    Of course, it’s probably a real hacker. But

  8. jescott418 says:

    I guess you get what you deserve when you use illegal software. Trouble is that in this case it could be used against the rest of us.

  9. KMFIX says:

    WOWZERS OLD NEWS! This was announced at the same time when CS4 came out as it was thought it was in the script that cracked that as well.

    As for the conspiracy theorists:

    At the time it was a little known anti-viri company that made the announcement and it was figured they engineered the whole thing…as it was only their product that protected you from it.

  10. Hatman says:

    I don’t understand why you would pirate iWork or Photoshop, when you could just download the trial version and use a pirated serial number, were you so inclined.

  11. Bob says:

    I don’t have Photoshop, but I thought it used some kind of activation system, à la Windows Genuine Advantage.

  12. hempvideo.com says:

    After you blow all your money on a mac you are left with pirating software.

    MS just released free anti virus.

    What timing.

  13. jopa says:

    My hackintosh is just fine thank you 😛

  14. Bea Verz says:

    [Comment deleted – Violation of Posting Guidelines. – ed.]

  15. jack-o says:

    Anyone know where I can download a free full version of avast! antivirus Mac Edition or any other free anti virus programs for my Mac? Thanks.

  16. qb says:

    The nice folks at SecureMac have a free tool called “iServices Trojan Removal Tool” which can be downloaded here.

    One question, this trojan came out in January. Why is this hot news now?

  17. deowll says:

    This may be the first known Mac botnet but I’m not sure it’s the first. Apple makes good hardware and you only need a few hundred to do most things. If you make a point of staying low key how likely are you to get caught? I’m guessing few if any of these machines have anti malware programs running.

    If the people running the botnet are careful I’d say the odds would be excellent they wouldn’t get caught.

  18. Jim says:

    #20

    I’m guessing because the botnet switch was turned on just recently.

  19. jobs says:

    This is an old story and turned out to be untrue. There may have been infected copies of iworks and CS4 but the trojan was unable to infect any machines. And if you’re running Snow Leopard it will automatically scan for malware when installing software.

  20. Qon Quixote says:

    Some people will vote republican and some people will buy a Mac, because some people are susceptible to good advertising and easily believe things they are told without a basis in fact.

  21. Casual Observer says:

    Symantec should spend their time fixing their Windows software before worrying about the Mac.

