AAPL Stock: 117.81 ( -0.22 )

Printed from

First Mac-based botnet becomes active

updated 09:40 am EDT, Fri April 17, 2009

Mac-based botnet active

The first known botnet to exploit Mac OS X has been activated, security researchers claim. The network is believed to have been put in place by iServices, a Trojan infection accompanying some pirated versions of iWork '09 and Photoshop CS4. Although downloaded at least 20,000 times by the end of January, the Trojan's payload has remained dormant for some time, in the same manner as many Windows botnets.

Symptoms of the active iServices botnet may begin with excessive CPU usage on a Mac, the result of a PHP script instigating denial-of-service attacks on websites. Many anti-virus programs have been updated to block iServices however, and it may also be possible to halt the Trojan's operations by deleting "System/Library/StartupItems/DivX" and/or "System/Library/StartupItems/iWorkServices" folders. Some security companies, such as SecureMac, are offering removal tools specifically targeted at iServices.

In spite of the potential number of infected computers, the danger from the current botnet is expected to be minimal, both as a result of security measures and the limited vectors of infection. Symantec researchers warn, though, that the code in iServices is designed to be extremely flexible, and as such modified versions may appear in upcoming months.

by MacNN Staff



  1. ibugv4

    Joined: Dec 1969


    Image that

    You spent the $ for the hardware but were too cheap to drop the $ for the software so you got a nasty.

  1. Mr. Strat

    Joined: Dec 1969


    FUD Time Again

    Stolen software which will require physical access and admin rights to install...BFD.

    We're still waiting for an infection through no physical access, no admin rights, no PEBCAK.

    Comment buried. Show
  1. testudo

    Joined: Dec 1969


    Re: image that

    Maybe its because they spent all their money on the computer and AppleCare, they had nothing left.

    Oh, right, I think only the affluent are supposed to be buying macs...

    Comment buried. Show
  1. testudo

    Joined: Dec 1969


    Re: FUD

    And so you believe that there is no security threat unless it meets your criteria? Nice to know.

    And I love how people discount physical access to a computer. I guess Mac users believe all macs are Personal computers and are never used by more than one person...

  1. ViktorCode

    Joined: Dec 1969


    Not Mac OS

    This botnet (if it exist) isn't exploiting Mac OS X, it is exploiting users. There couldn't be any protection against users, that will gladly install and provide admin password to an app called Botnet Client for Mac, if those users are naive enough.

    The worst thing to do is to buy antivirus app, which will be happily clogging your Mac while having no idea that this brand new app you've just installed (and which can be created in an hour) is a botnet client.

    Comment buried. Show
  1. fubar_this

    Joined: Dec 1969


    Same as Windoze

    Mac users will call it FUD as usual, without realizing that this malware threat is the same as Windows. Almost NO Windows malware spreads by itself, and almost ALL Windows malware requires the user to actually download it manually and install it before it does anything.

    And yet Mac users will say "if it doesn't spready by itself" or "if it requires admin rights" it's not a real malware threat. Get over it people, it is real.

    Comment buried. Show
  1. testudo

    Joined: Dec 1969


    Re: not mac os

    Don't know how to break it to you, but most all botnets end up because users install c*** onto their computers. There's just a lot more PC users, which means there's a larger selection of gullible ones who'll install an 'update to flash' or 'missing codec' to get themselves infected.

    BTW, an app does not need an admin password to be installed. It just would install to the current user, not as a system daemon or the like. But it certainly isn't hard to have a background program added as a login item...

  1. fubar_this

    Joined: Dec 1969


    Re: Not Mac OS

    I don't get ViktorCode's statement. Did you not read the part about most antivirus programs on the Mac catching this since January? Antivirus on Windows and Mac have always detected trojans. Norton AntiVirus on Windows updates its definitions every 5 minutes, but still detects most trojans heuristically.
    Maybe you don't need antivirus but to make a blanket statement like that is pretty irresponsible.

  1. nat

    Joined: Dec 1969


    my gawd

    "Maybe its because they spent all their money on the computer and AppleCare, they had nothing left."

    you're like right wing nutjobs who regurgitate what hannity and limbaugh tell them.

  1. localnet

    Joined: Dec 1969



    Rush uses all Macs, big supporter of Apple. And it is apparent that you have never listened to him, as you are just regurgitating the left wing spin. The same left wing that doesn't listen to him either but can spend much of their day trying to discredit him.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented