IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

Mac malware builds botnet, while smug fanbois gently weep

In Friday's IT Blogwatch, Richi Jennings watches a Mac OS X Trojan construct a botnet for distributed denial of service attacks and sending spam. Not to mention Drop7...

Dan Goodin reports on the, "world's first Mac botnet":

Fresh research has shed new light on the world's first Mac OS X botnet, which causes infected machines to mount denial of service attacks. Symantec researchers Mario Ballano Barcena and Alfredo Pesoli said the infections are the same ones described in ... January.
...
The botnet employs a peer-to-peer engine, encryption and a structure that allows it to dynamically adapt ... comes courtesy of two trojans dubbed OSX.Trojan.iServices.A and OSX.Trojan.iServices.B ... The malware is surreptitiously included in copies of Apple's iWork 09 productivity suite and Adobe's Photoshop CS4 that are distributed on warez sites.


Ed Oswald calls it, "a shocker":

So much for the ‘Macs are immune’ meme. While this doesn’t point to an actual vulnerability just yet, it indicates that Macs like every other computer can be used for malicious purposes.

Of course the Apple faithful will be quick to yell this down, but I don’t think dismissing this is a good idea. So suck it up people and download a Mac virus scanner. Yes, you do need it.


Symantec's Andy Cianciotto and Angela Thigpen are hard at iWork:

When the Trojanized installer is executed, it also runs the malicious program iworkservices. The Trojan, OSX.Iservice, targets the Mac OS and is compiled as a Mach-O multi-architecture binary. This allows the Trojan to run natively on both PowerPC and x86 architectures.
...
The Trojan acts as a back door and opens a port on the local host for connections. It then attempts to connect to the following remote hosts:
69.92.177.146:59201
qwfojzlk.freehostia.com:1024


The IT Nerd says, "This proves that Macs are not immune":

[But] this is a great time to mention that downloading pirated software is a dumb thing to do on ANY platform ... The hackers can’t take control of the computer the virus is running on, rather it attacks other computers. So while this is a threat, it’s not as bad as some of the stuff that you see on the Windows platform.

At least not yet.


Chris Foresman has wise words:

The two variants of the iServices trojan ... have been implicated in at least one DDoS attack ... After the trojans were reported in January, most anti-virus software was updated to remove the payloads associated with the iServices trojans ... If you suspect you were infected with either of these trojans, you may want to look into AV software.
...
While Mac OS X doesn't suffer from the sheer amount of malware that Windows does, the creation of this botnet should serve as a warning that security through obscurity isn't a sound security policy—and Macs are far from being obscure any more.


Ronald O Carlson always looks on the bright side of iLife: [You're fired -Ed.]

The good news here is that the iBot network includes only “a few thousands computers” and likely isn’t of any practical value to cyber criminals, which are known to use networks of millions of PCs to perpetrate denial of service attacks or send huge volumes of spam, for example ... This whole affair appears to be an elaborate “proof of concept”—ie hackers trying to put snooty Mac users in their place by highlighting the fact that our operating system of choice (news flash) isn’t secure.
...
That said, don’t download and install software from peer-to-peer networks; get, install and run some anti-virus software ... be nice to people; and always use a condom…



Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 24 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.
