Cybercriminals create first known Mac botnet

“A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers,” CBC News reports.

“Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork ’09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network,” CBC News reports.

“Once downloaded, the applications themselves worked normally, but the Trojan opens a ‘back door’ on the compromised computer that allows it to begin contacting other hosts in its peer-to-peer network for commands,” CBC News reports.

“Researchers Mario Barcena and Alfredo Pesoli of Symantec Ireland, writing in the April 2009 issue of the Virus Bulletin, say the network of infected computers attempted to initiate a denial of service attack on a website in January,” CBC News reports. “‘OSX.Iservice is an interesting piece of malware — not only does it make use of Mac OS internals, but it is also the first Mac botnet that we are aware of,’ they wrote.”

“An example of a particularly successful botnet is the one created by the Conficker worm, which by some estimates is believed to have spread to as many as 12 million machines,” CBC News reports. “By comparison, the iBotnet, as the Symantec researchers have dubbed it, spread to only a few thousand computers before it was identified. A number of security firms say removal of the Trojan is simple once it has been identified.”

“The method used to infiltrate the computers — tricking users to install a Trojan hiding in a free version of software — is also a fairly basic way to access a computer, said Kevin Haley, director of Symantec Security Response, and is not a technique exclusive to Macs or any particular vulnerability inherent in the computer’s operating system,” CBC News reports. “Haley said downloading any file from an unknown source is a potentially dangerous practice, no matter what computer a person uses.”


MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not steal software. Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised in any number of ways, including being subsumed into botnets.

[Thanks to MacDailyNews Reader “Sitruc” for the heads up.]
