Free Republic

Cybercriminals create botnet using Mac computers
CBC Canada | Wednesday, April 15, 2009

Posted on 04/15/2009 9:08:14 PM PDT by Swordmaker

Traditionally, botnets have spread through PCs running Windows, and not Macs, in part because of the low market share worldwide of computers like the iMac, shown here behind Apple CEO Steve Jobs in a 2006 photo. (Paul Sakuma/Associated Press)

A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers.

Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork '09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network.

Once downloaded, the applications themselves worked normally, but the Trojan opens a "back door" on the compromised computer that allows it to begin contacting other hosts in its peer-to-peer network for commands.

Researchers Mario Barcena and Alfredo Pesoli of Symantec Ireland, writing in the April 2009 issue of the Virus Bulletin, say the network of infected computers attempted to initiate a denial of service attack on a website in January.

"OSX.Iservice is an interesting piece of malware — not only does it make use of Mac OS internals, but it is also the first Mac botnet that we are aware of," they wrote.

A botnet, or robot network, is a group of linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perform a host of actions, from connecting and infecting other computers to sending out spam or launching distributed denial of service attacks to bring down websites or web servers.

But traditionally, botnets have spread through PCs running Windows, and not Macs, in part because of the low market share of Macs worldwide.

Apple had 7.2 per cent of personal computer market share in the United States in the fourth quarter of 2008, according to technology analyst IDC, but was not among the top five PC makers worldwide, as ranked by shipments.

Kevin Haley, director of Symantec Security Response, said cybercriminals who want to create a botnet of computers traditionally attack machines running Microsoft's Windows operating system because the goal is to have the biggest network possible.

"It's a numbers game," said Haley. "If you're going to go after the largest market, you have to go after the largest target."

An example of a particularly successful botnet is the one created by the Conficker worm, which by some estimates is believed to have spread to as many as 12 million machines.

By comparison, the iBotnet, as the Symantec researchers have dubbed it, spread to only a few thousand computers before it was identified. A number of security firms say removal of the Trojan is simple once it has been identified.

The method used to infiltrate the computers — tricking users into installing a Trojan hiding in a free version of software — is also a fairly basic way to access a computer, said Haley, and is not a technique exclusive to Macs or any particular vulnerability inherent in the computer's operating system.

Haley said downloading any file from an unknown source is a potentially dangerous practice, no matter what computer a person uses.

The malicious software, or malware, is unique, however, in that it only clearly targeted Mac users and also included a variation — found in the corrupted Adobe Photoshop CS4 file — that used some of the functions on the Mac OS that relate to its own authorization services interface, according to the Symantec Ireland authors.

"With malware authors showing an increasing interest in the Mac platform, we believe that more advanced [user interface] spoofing tricks may be seen in the future," they wrote.

Ryan Naraine, the security evangelist at Kaspersky Lab, said that while a Mac botnet may not be practical for criminals, the discovery of the Trojan is proof that no operating system is inherently safe.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; bestcomputer; botnet; cybercriminal; cybercriminals; ilovebillgates; iwanthim; iwanthimbad; macintosh; microsoftfanboys; spamiswindows; spammer

1 posted on 04/15/2009 9:08:14 PM PDT by Swordmaker

To: Swordmaker

bookmark


2 posted on 04/15/2009 9:11:13 PM PDT by GOP Poet
[ To 1 ]

To: ShadowAce

Interesting.


3 posted on 04/15/2009 9:14:44 PM PDT by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ To 1 ]

To: ~Kim4VRWC's~; 1234; 50mm; 6SJ7; Abundy; Action-America; acoulterfan; Aliska; aristotleman; ...
First Apple Mac Botnet? According to Symantec researchers one attempted a Denial of Service attack in January... PING!

The malware was apparently attached to the supposedly pirated copy of the FREE download of iLife'09 update posted on a bit-torrent site... Symantec claims that "thousands" of Macs were infected by downloading and installing this Trojan, but at the time, bit-torrent records showed the single instance of an infected copy was only downloaded "dozens" of times. The file was available free on Apple's website.


Mac Botnet Ping?!

If you want on or off the Mac Ping List, Freepmail me.

4 posted on 04/15/2009 9:15:04 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 1 ]

To: Swordmaker
One question I have is: if this was discovered by Symantec researchers, how come it was not posted on Symantec's website—and subject of a Symantec press release? Instead, it's published in an obscure newsletter for Virus researchers, Virus Bulletin, three months after the supposed Denial of Service attack attempt. What gives?

I suspect that this "botnet" did not rise to even Symantec's low standards of important malware.

5 posted on 04/15/2009 9:29:26 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 1 ]

To: Swordmaker

So the key to protecting Macs is to avoid illegal downloads?
It sounds like a no-brainer....


6 posted on 04/15/2009 9:30:27 PM PDT by Freedom2specul8 (Please pray for our troops.... http://www.americasupportsyou.mil/)
[ To 4 ]

To: All

Oh, we can’t read the original article and see what it actually says unless we are willing to fork over $175 for a subscription... Nope, don’t think so.


7 posted on 04/15/2009 9:32:43 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 5 ]

To: Swordmaker

Correction... I mis-remembered. It was not the upgrade to iLife’09, it was the Trial version of iWork’09... sorry about that.


8 posted on 04/15/2009 9:53:29 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 4 ]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

9 posted on 04/15/2009 9:55:38 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ To 1 ]

To: ~Kim4VRWC's~

Avoid pirated software. Lesson learned.


10 posted on 04/15/2009 9:59:58 PM PDT by thecodont
[ To 6 ]

To: Swordmaker

B.. b.. b.. but, Mac is impervious to any virus!!!!


11 posted on 04/15/2009 10:14:03 PM PDT by cybervyk
[ To 1 ]

To: cybervyk
B.. b.. b.. but, Mac is impervious to any virus!!!!

Read the article. This was a TROJAN... an application that is masquerading as something it is not... or has something added to it. It is not a virus, the definition of which requires self-replication, self-installation, and self-transmission.

Nor has anyone here claimed that the Mac is "impervious" to a virus... but it is damned difficult to write one for it... and even harder to find a viable vector.

12 posted on 04/15/2009 10:17:41 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 11 ]

To: Swordmaker

13 posted on 04/15/2009 10:18:23 PM PDT by JoeProBono (A closed mouth gathers no feet)
[ To 1 ]

To: Swordmaker

But, but, I thought Macs didn’t have enough marketshare to attract malware authors.


14 posted on 04/16/2009 9:01:13 AM PDT by antiRepublicrat
[ To 1 ]

To: Swordmaker

So I wonder how many PC viruses over the years were created by MAC geeks trying to make Microsoft look bad.


15 posted on 04/16/2009 9:06:22 AM PDT by McGruff (I guess it all depends upon what the meaning of "bow" is.)
[ To 1 ]

To: All
I suspect that this "botnet" did not rise to even Symantec's low standards of important malware.

Symantec on OSX.Iservice:

Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage Level: Medium
Payload: Opens a back door on the compromised computer.
Distribution Level: Low

Yep, it's not serious at all... it's FUD!

16 posted on 04/17/2009 6:45:34 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ To 5 ]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
