updated 09:40 am EDT, Fri April 17, 2009
Mac-based botnet active
The first known botnet to exploit Mac OS X has been activated, security researchers claim. The network is believed to have been put in place by iServices, a Trojan infection accompanying some pirated versions of iWork '09 and Photoshop CS4. Although downloaded at least 20,000 times by the end of January, the Trojan's payload has remained dormant for some time, in the same manner as many Windows botnets.
Symptoms of the active iServices botnet may begin with excessive CPU usage on a Mac, the result of a PHP script instigating denial-of-service attacks on websites. Many anti-virus programs have been updated to block iServices however, and it may also be possible to halt the Trojan's operations by deleting "System/Library/StartupItems/DivX" and/or "System/Library/StartupItems/iWorkServices" folders. Some security companies, such as SecureMac, are offering removal tools specifically targeted at iServices.
In spite of the potential number of infected computers, the danger from the current botnet is expected to be minimal, both as a result of security measures and the limited vectors of infection. Symantec researchers warn, though, that the code in iServices is designed to be extremely flexible, and as such modified versions may appear in upcoming months.