First Ever Mac OS X Botnet Confirmed

Researchers claim the malware is spread through pirated software

April 17th, 2009 10:31 GMT
The world's first Mac OS X botnet has reportedly been discovered. Symantec researchers Mario Ballano Barcena and Alfredo Pesoli said the malware was actually discovered back in January, and came courtesy of two trojans previously reported here on Softpedia.

According to Symantec's researchers, the Mac OS X botnet causes infected machines to mount denial-of-service attacks. The botnet employs a peer-to-peer engine, encryption and a structure that allows it to dynamically adapt, according to DailyMail.co.uk. The researchers described the malware as follows, according to ZDNet's Zero Day blog:

"The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it – and therefore we would not be surprised to see a new, modified variant in the near future," the duo declared.

The Symantec researchers added (according to the CBC) that, "With malware authors showing an increasing interest in the Mac platform, we believe that more advanced [user interface] spoofing tricks may be seen in the future."

As noted above, the botnet comes thanks to two trojans confirmed by security firm Intego. OSX.Trojan.iServices.A and OSX.Trojan.iServices.B were found and documented in January, with Intego reporting that tens of thousands of users might have already become infected.

"Intego has discovered a new Trojan horse, OSX.Trojan.iServices.A, which is currently circulating in copies of Apple’s iWork 09 found on BitTorrent trackers and other sites containing links to pirated software," the security firm stated in a bulletin. "The version of iWork 09, Apple’s productivity suite, [is] complete and functional, but the installer contains an additional package called iWorkServices.pkg," Intego explained in January.
