Posted on Monday, April 20 2009 @ 20:59 CEST by Thomas De Maesschalck
Symantec security researchers
have detected the first Mac botnet. Trojans
in pirated versions of applications like the iWork 09 suite and Adobe PhotoShop CS4 are to blame for this one.
After the torrent-ed copy of iWork 09 is installed, two new services OSX.Iservice and OSX.Iservice.B also get installed as start up item and gain root level privileges. These two services use different method to obtain a Mac user's password and then take control of the machine.
Mario Ballano Barcena and Alfredo Pesoli, Symantec researchers, posted their findings at Virus Bulletin (requires subscription) the botnet has some sophisticated capabilities that suggest the work of an experienced programmer who may have rented out his creation to someone else who actually used it for denial-of-service attacks, a common pattern seen in botnets formed from Windows PCs.
