Symantec spots first Mac botnet

Posted on Monday, Apr 20 2009 @ 20:59 CEST by Thomas De Maesschalck
Symantec security researchers have detected the first Mac botnet. Trojans in pirated versions of applications like the iWork 09 suite and Adobe PhotoShop CS4 are to blame for this one.
After the torrent-ed copy of iWork 09 is installed, two new services OSX.Iservice and OSX.Iservice.B also get installed as start up item and gain root level privileges. These two services use different method to obtain a Mac user's password and then take control of the machine.

Mario Ballano Barcena and Alfredo Pesoli, Symantec researchers, posted their findings at Virus Bulletin (requires subscription) the botnet has some sophisticated capabilities that suggest the work of an experienced programmer who may have rented out his creation to someone else who actually used it for denial-of-service attacks, a common pattern seen in botnets formed from Windows PCs.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments