Giveaway: Bracketron Case

If outdoor adventures are in your future this summer, enter to win a Bracketron Sport Case with Mount Strap from MacNN and keep that iPhone, iPod or other electronic device safe from the elements.

toggle

AAPL Stock: 454.74 ( + 1.77 )

MacNN News

http://www.macnn.com/articles/09/04/17/mac.based.botnet.active/

First Mac-based botnet becomes active

updated 09:40 am EDT, Fri April 17, 2009

Mac-based botnet active

The first known botnet to exploit Mac OS X has been activated, security researchers claim. The network is believed to have been put in place by iServices, a Trojan infection accompanying some pirated versions of iWork '09 and Photoshop CS4. Although downloaded at least 20,000 times by the end of January, the Trojan's payload has remained dormant for some time, in the same manner as many Windows botnets.

Symptoms of the active iServices botnet may begin with excessive CPU usage on a Mac, the result of a PHP script instigating denial-of-service attacks on websites. Many anti-virus programs have been updated to block iServices however, and it may also be possible to halt the Trojan's operations by deleting "System/Library/StartupItems/DivX" and/or "System/Library/StartupItems/iWorkServices" folders. Some security companies, such as SecureMac, are offering removal tools specifically targeted at iServices.

In spite of the potential number of infected computers, the danger from the current botnet is expected to be minimal, both as a result of security measures and the limited vectors of infection. Symantec researchers warn, though, that the code in iServices is designed to be extremely flexible, and as such modified versions may appear in upcoming months.

by MacNN Staff

Post tools:

TAGS :

security, Photoshop, iWork, malware

toggle

Comments

ibugv4
Fresh-Faced Recruit

Joined: Jun 2003

+1

04/17, 10:18am | report spam | close Reply |
Image that

You spent the $ for the hardware but were too cheap to drop the $ for the software so you got a nasty.

Mr. Strat
Junior Member

Joined: Jan 2002

+6

04/17, 10:28am | report spam | close Reply |
FUD Time Again

Stolen software which will require physical access and admin rights to install...BFD.

We're still waiting for an infection through no physical access, no admin rights, no PEBCAK.

testudo
Forum Regular

Joined: Aug 2001

-40

04/17, 11:19am | report spam | (2 replies) close Reply |
Re: image that

Maybe its because they spent all their money on the computer and AppleCare, they had nothing left.

Oh, right, I think only the affluent are supposed to be buying macs...

testudo
Forum Regular

Joined: Aug 2001

-28

04/17, 11:22am | report spam | (1 reply) close Reply |
Re: FUD

And so you believe that there is no security threat unless it meets your criteria? Nice to know.

And I love how people discount physical access to a computer. I guess Mac users believe all macs are Personal computers and are never used by more than one person...

ViktorCode
Fresh-Faced Recruit

Joined: Jan 2006

+8

04/17, 11:25am | report spam | close Reply |
Not Mac OS

This botnet (if it exist) isn't exploiting Mac OS X, it is exploiting users. There couldn't be any protection against users, that will gladly install and provide admin password to an app called Botnet Client for Mac, if those users are naive enough.

The worst thing to do is to buy antivirus app, which will be happily clogging your Mac while having no idea that this brand new app you've just installed (and which can be created in an hour) is a botnet client.

fubar_this
Fresh-Faced Recruit

Joined: Jul 2006

-12

04/17, 01:25pm | report spam | close Reply |
Same as Windoze

Mac users will call it FUD as usual, without realizing that this malware threat is the same as Windows. Almost NO Windows malware spreads by itself, and almost ALL Windows malware requires the user to actually download it manually and install it before it does anything.

And yet Mac users will say "if it doesn't spready by itself" or "if it requires admin rights" it's not a real malware threat. Get over it people, it is real.

testudo
Forum Regular

Joined: Aug 2001

-12

04/17, 01:30pm | report spam | (1 reply) close Reply |
Re: not mac os

Don't know how to break it to you, but most all botnets end up because users install c*** onto their computers. There's just a lot more PC users, which means there's a larger selection of gullible ones who'll install an 'update to flash' or 'missing codec' to get themselves infected.

BTW, an app does not need an admin password to be installed. It just would install to the current user, not as a system daemon or the like. But it certainly isn't hard to have a background program added as a login item...

fubar_this
Fresh-Faced Recruit

Joined: Jul 2006

+2

04/18, 02:05am | report spam | close Reply |
Re: Not Mac OS

I don't get ViktorCode's statement. Did you not read the part about most antivirus programs on the Mac catching this since January? Antivirus on Windows and Mac have always detected trojans. Norton AntiVirus on Windows updates its definitions every 5 minutes, but still detects most trojans heuristically.
Maybe you don't need antivirus but to make a blanket statement like that is pretty irresponsible.

nat
Junior Member

Joined: Mar 2002

-2

04/18, 06:46am | report spam | close Reply |
my gawd

"Maybe its because they spent all their money on the computer and AppleCare, they had nothing left."

you're like right wing nutjobs who regurgitate what hannity and limbaugh tell them.

localnet
Fresh-Faced Recruit

Joined: Feb 2005

-8

04/18, 10:27am | report spam | close Reply |
Funny...

Rush uses all Macs, big supporter of Apple. And it is apparent that you have never listened to him, as you are just regurgitating the left wing spin. The same left wing that doesn't listen to him either but can spend much of their day trying to discredit him.

localnet
Fresh-Faced Recruit

Joined: Feb 2005

-1

04/18, 10:28am | report spam | close Reply |
Funny...

Rush uses all Macs, big supporter of Apple. And it is apparent that you have never listened to him, as you are just regurgitating the left wing spin. The same left wing that doesn't listen to him either but can spend much of their day trying to discredit him.

localnet
Fresh-Faced Recruit

Joined: Feb 2005

-1

04/18, 10:28am | report spam | (1 reply) close Reply |
Funny...

Rush uses all Macs, big supporter of Apple. And it is apparent that you have never listened to him, as you are just regurgitating the left wing spin. The same left wing that doesn't listen to him either but can spend much of their day trying to discredit him.

localnet
Fresh-Faced Recruit

Joined: Feb 2005

-2

04/18, 10:31am | report spam | close Reply |
Something buggy here!

I hit the reply button once... Hmmm?

jarod
Fresh-Faced Recruit

Joined: Apr 2005

+1

04/18, 10:41am | report spam | close Reply |
To Testudo

Relax man.. lol :-)

imagine engine
Fresh-Faced Recruit

Joined: Aug 2007

+1

04/18, 04:15pm | report spam | close Reply |
Being responsible.

I've used several different OS over the course of my life and always believe in being prepared. Even though I've found OS X to offer better security than Windows I still run Anti-Virus software to not only protect my Macs but also protect other people I'm in contact with electronically from getting infected. For those not running an Anti-Virus on their Mac there's a free scanner for the iWork trojan here http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg as well free Anti-Virus programs such as iAntivirus http://www.iantivirus.com/ As for myself I use Intego's Virus Barrier http://www.intego.com/virusbarrier/ which for a nominal fee keeps my Macs, external network drives such as Time Capsule and even my iPhone 3G protected. The reality is if you don't use Anti-Virus software you run the risk of being infected from someone else even with OS X security. In this day and age of ever changing electronic media it would be more beneficial for OS developers such as Apple, Microsoft, etc to include their own Anti-Virus software at no additional charge just as they already include their own basic firewall. This would help to lower financial cost to the consumer as well ensure customers systems are more secure by default.

nat
Junior Member

Joined: Mar 2002

-1

04/18, 07:45pm | report spam | close Reply |
yeah

a sampling of comments so far in April, that's right, just this month. I don't need to regurgitate, I can read.
Racist, sexist, liar and yellow yournalism. Oops, it's not journalism, he's an "entertainer". He's allowed, as long as he's not a hollywood entertainer, to speak his mind.

Right.

"I just slapped myself. I'm torturing myself right now. That's torture according to these people."

Limbaugh compares Obama to Kim Jong Il

Limbaugh calls global warming a "hoax," claims world is "cooling"

"Liberal black politicians" envy Castro because he has "dictatorial power"

Discussing Obama comment that Islam has helped shape "my own country," Limbaugh says "you want to see, is he talking about Kenya or the United States?"

"I'm going to tell you who Obama is in world history: Neville Chamberlain"

Limbaugh says Iowa ruling on g** marriage is evidence of "the values of a dictatorship"

"The markets know Obama's coming back and so the markets are plummeting"

Limbaugh continues mob references in discussion of Employee Free Choice Act: "Tony Soprano standing in your business with a baseball bat or a lead pipe"

"I'm making a supreme effort to ingratiate myself to the babes," but female reporters asking Obama questions "are embarrassing"

Limbaugh: Fox News headline saying "market jumps on good news from G20" is wrong; markets up because of "mark-to-market" rules change, Obama being out of the country

Limbaugh: "In liberal terms, being an unelected governor, [Paterson] is an illegitimate governor; remember, they said Bush was an illegitimate president because he wasn’t duly elected"

Limbaugh on the Pay for Performance Act of 2009: "When the leftists start talking about fairness, they are the slave masters"

"24 inches of snow in Denver tonight and tomorrow ... thank you global warming"

"[I]f you look at what we are calling torture, you have to laugh"

"[T]he words 'Clinton' and 'booty' are two words that should not be close together in a news story."

Limbaugh suggests Obama would not have acted if he'd known that the Somali pirates were "actually young, black Muslim teenagers"

Obama and Napolitano "are extreme partisan radicals and they're ready to go to war with a domestic enemy - conservatives - that they consider to be a greater threat than Iran, than China, than North Korea"

Limbaugh blames Al Gore for woman being mauled by polar bear after jumping into animal's enclosure at zoo

Limbaugh: "Returning Captain Phillips' liberty will be used to take away portions of ours"

"I ... was confident this was going to get settled. It was going to be resolved one way or the other way and regardless how, President Obama was going to be given credit for it" on captians rescue from pirates

"Feminism was established so as to allow unattractive women easier access to the mainstream of society"

Discussing immigration, Limbaugh claims "Democrat [sic] Party way is to destroy the U.S. culture in order to get votes"

Limbaugh compares Somali pirates with ACORN

Rush's theory on why piracy is rebounding: "[E]nemies of America are friends of the Democrat Party"

Limbaugh: "Piracy is rebounding precisely because of the American left and the European left's lack of intestinal fortitude, gonads, if you will"

Limbaugh on Obama's remarks about homeless veterans: "Another myth"

Rush claims the Somali pirate saga shows how both Obama and Clinton are "inept" in handling "3 a.m. phone call"

nat
Junior Member

Joined: Mar 2002

-1

04/18, 07:49pm | report spam | close Reply |
rush

Limbaugh calls global warming a "hoax," claims world is "cooling"

Limbaugh: "The Mullahs and Putin and Medvedev and Hu Jintao in China celebrated the day Obama got elected" because they know liberals believe old Soviet propaganda

Limbaugh: "I'm going to tell you who Obama is in world history: Neville Chamberlain"

Limbaugh says Iowa ruling on g** marriage is evidence of "the values of a dictatorship"

Limbaugh claims 9-11 attacks are an example of the Islamic faith "reshap[ing] America"

"The markets know Obama's coming back and so the markets are plummeting"

Limbaugh continues mob references in discussion of Employee Free Choice Act: "Tony Soprano standing in your business with a baseball bat or a lead pipe"

"I'm making a supreme effort to ingratiate myself to the babes," but female reporters asking Obama questions "are embarrassing"

In discussion about college life, Limbaugh refers to female professors as "professorettes"

"When the leftists start talking about fairness, they are the slave masters"

Dow up today because "President Obama is out of the country"

cwsmith
Fresh-Faced Recruit

Joined: Aug 2007

+2

04/19, 09:48am | report spam | (1 reply) close Reply |
Back on topic please?

Any danger of this trojan propagating beyond those machines running pirated software?

resuna
Fresh-Faced Recruit

Joined: Jan 2005

+1

04/21, 03:57am | report spam | close Reply |
No propogation

There is no active infection code described in any of the reports. It is purely a passive attack, a "trojan horse" tricking people into downloading and installing it.

This is the most likely attack on Macs, since OS X and Safari don't have the ActiveX viral propagation API that Windows has been blessed by since 1997... and social engineering always works. Luckily, people CAN learn not to be social-engineered.

resuna
Fresh-Faced Recruit

Joined: Jan 2005

-1

04/21, 03:57am | report spam | close Reply |
No propogation

There is no active infection code described in any of the reports. It is purely a passive attack, a "trojan horse" tricking people into downloading and installing it.

This is the most likely attack on Macs, since OS X and Safari don't have the ActiveX viral propagation API that Windows has been blessed by since 1997... and social engineering always works. Luckily, people CAN learn not to be social-engineered.

Show More Comments

Login Here

toggle

Network Headlines

05/13	Job listings hint at near-future OS...
05/13	New York attorney general asks phone...
05/13	T-Mobile raises down payment price...
05/13	Bill Gates emotionally details final...
05/10	Changes coming to US AppleCare policies...

Show All

05/13	New York attorney general asks phone...
05/13	T-Mobile raises down payment price...
05/13	Lumia 925 images leak while Nokia teases...
05/13	Amazon launches Coins virtual currency...
05/13	Bill Gates emotionally details final...

Show All

03/02	Save $330 on refurb. 15.4-inch, 2.4GHz...
03/01	Pre-owned 8GB iPod touch 2G, drops...
02/29	$150 off Nikon Coolpix S80 Compact...
02/28	Plantronics BackBeat 903 Bluetooth...
02/27	Refurb. Seagate 1.5TB GoFlex Portable...

Show All

toggle

First Mac-based botnet becomes active

updated 09:40 am EDT, Fri April 17, 2009

Mac-based botnet active

Image that

FUD Time Again

Re: image that

Re: FUD

Not Mac OS

Same as Windoze

Re: not mac os

Re: Not Mac OS

my gawd

Funny...

Funny...

Funny...

Something buggy here!

To Testudo

Being responsible.

yeah

rush

Back on topic please?

No propogation

No propogation

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

Most Read

10 Most Discussed

MacNN Marketplace

First Mac-based botnet becomes active

updated 09:40 am EDT, Fri April 17, 2009

Mac-based botnet active

Related Articles

Recent Articles

Image that

FUD Time Again

Re: image that

Re: FUD

Not Mac OS

Same as Windoze

Re: not mac os

Re: Not Mac OS

my gawd

Funny...

Funny...

Funny...

Something buggy here!

To Testudo

Being responsible.

yeah

rush

Back on topic please?

No propogation

No propogation

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

Most Read

10 Most Discussed

MacNN Marketplace