Kiran.dks
Technomancer
iBotnet: First Mac OS X botnet?
Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.
Researchers found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine.
The variants have been found inside bogus copies of iWork ’09 and Adobe Photoshop CS4 which were shared on the popular p2p torrent network. The author of the malware downloaded the original/trial versions of each program and introduced a copy of the malicious binary into the packages. Users who then downloaded and installed the applications from the torrent download would have been infected. It is estimated that thousands of people have downloaded the infected torrent files.
They describe this as the “first real attempt to create a Mac botnet” and notes that the zombie Macs are already being used for nefarious purposes.
The researchers pointed to this blog entry that describes a a PHP script, running as root, launching attacks against an unknown Web site.
Read more...
Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.
Researchers found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine.
The variants have been found inside bogus copies of iWork ’09 and Adobe Photoshop CS4 which were shared on the popular p2p torrent network. The author of the malware downloaded the original/trial versions of each program and introduced a copy of the malicious binary into the packages. Users who then downloaded and installed the applications from the torrent download would have been infected. It is estimated that thousands of people have downloaded the infected torrent files.
They describe this as the “first real attempt to create a Mac botnet” and notes that the zombie Macs are already being used for nefarious purposes.
The researchers pointed to this blog entry that describes a a PHP script, running as root, launching attacks against an unknown Web site.
Read more...
