UPDATED: Symantec researchers issues first Mac botnet malware warning

9 to 5 Mac ^ | 10/1/2009 | Jonny Evans

[Swordmaker]

This is rehashed FUD from June. No one has seen even one member of this so called "iBotnet"!

"Asked if Mac users are under attack, Symantec notes: "The short answer, no."

That proves this is more FUD!

[the invisib1e hand]

the apple gets bit.

[Sparko]

Sales for Symantec’s Mac antivirus software must be lagging.

[La Lydia]

If I am interpreting this correctly, you would have to download something with this in it, and then install whatever it is, in order to do damage. Am I understanding this?

[Albion Wilde]

bump for later reading

[Anitius Severinus Boethius]

If I am interpreting this correctly, you would have to download something with this in it, and then install whatever it is, in order to do damage. Am I understanding this?

Yep, just the way 90% of viruses get on PCs.

[for-q-clinton]

Why would anyone waste their time creating a virus for the Mac? It would make more sense to target a PC since they dwarf the users of Mac.

I bet this was done by someone close to the AV company or the company that made the software that was pirated (so that it will scare others to not try and steal their software). Other than that no one wants to waste their time making a Mac virus.

[antiRepublicrat]

Correct. And you’d have to type in your admin password to allow it to be installed. And even then it can’t reproduce automatically to other machines.

[antiRepublicrat]

Why would anyone waste their time creating a virus for the Mac?

It's ripe for picking, almost no AV in use. Get 1% of the users and you have a 300,000-strong botnet, a big one by any standard.

[Swordmaker]

iBotnet FUD— PING!

Not only is this FUD, but it is rehashed FUD from way back in May.

These are the same Bozos who claimed in May's Virus Journal, a $150 subscription online magazine for hackers, that they had found the first Mac botnet and further claimed that there were more than 20,000 Macs involved in it. They did not report it to Symantec, their supposed employer, who still lists number of Macs infected with this Trojan as 0 to 50. This article, despite its inflamatory headline, reports the truth:

"Asked if Mac users are under attack, Symantec notes: "The short answer, no."

Mac Ping!

If you want on or off the Mac Ping List, Freepmail me.

[LasVegasMac]

It’s dead, Jim.

[chris_bdba]

Yep if you aren’t downloading illegal software you have nothing to worry about.

[SlowBoat407]

Be vewy vewy quiet. I’m hunting viwuses.

heheheheheheheh!

[for-q-clinton]

But there are still more windows 9x boxes (I think) out there that are even more ripe for the picken and can do more damage.

[Wright Wing]

Wouldn’t it just be cool to be the first and wipe out an entire talking point?

[Wright Wing]

Wouldn’t it just be cool to be the first and wipe out an entire talking point?

[La Lydia]

Okay, then maybe this is a stupid question, but why all the alarm and dire warnings then? If even low-tech dumb bunnies like me have figured out how to avoid this, how can it be that much of a threat? I found a concert and recital I wanted on that bit torrent thing, but decided not to indulge and ordered the DVD instead. Better safe than sorry.

[antiRepublicrat]

Scare people to create a market for your products.

[antiRepublicrat]

You don’t think these people are always looking to expand their business? If you were a business, wouldn’t you go after a market of 30 million more producers?

Besides, the 9x pool has been pretty much picked over already.

[Swordmaker]

If I am interpreting this correctly, you would have to download something with this in it, and then install whatever it is, in order to do damage. Am I understanding this?

Yes. But you'd ALSO have to be stupidly running in Root which is not activated in the default install of OS X. Far less than 1/10 of one percent of Mac users have activated a root account. Even fewer will routinely run in root.

That's why it is so hard to believe the claim of a 20,000 unit botnet. First you have to be smart enough to know how to activate root and simultaneously stupid enough to try to rip off, from pirate site, a free copy of trial software that is more easily obtained from Apple's own servers. The BitTorrent sites that had hosted the infected files back in January reported that the total downloads of the malware, before the files were removed, was in the " dozens." What are the odds that any one of those fewer than 100 downloaders was running in root and thereby vulnerable to being infected by this Trojan?