Over the years, Mac users have been lucky enough that the word "zombie" only conjures up the shambling brain-craving hordes of the undead in movies like Shaun of the Dead, but Windows users have long been dealing with the menace of zombie botnets--networks of PCs corrupted by malware into vectors for malicious attacks. Now two researchers claim to have discovered the first Mac zombie botnet in existence and have published a paper in Virus Bulletin (subscription required).
The botnet stems from a Trojan horse embedded in an iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.
Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines.
A Mac OS X botnet is turning infected computers into attacker-controlled zombies designed to steal information, according to researchers. The Mac botnet, a network of infected computers controlled by an attacker usually for malicious purposes, gained traction after attackers launched malicious software attached to pirated versions of the Mac productivity suite iWork '09, and Adobe Photoshop CS4 for Mac. The Mac malware spread on BitTorrent trackers and other peer-to-peer sites that contain links to pirated software. Symantec researchers Mario Ballano Barcena and Alfredo Pesoli discovered that the two separate variants of the Mac malware have now developed into a full-fledged Mac botnet, complete with information-stealing code. - From Channel Web
One of the major reasons this was downloaded so fast is that Apple announced that iWork would not have DRM. No need for serial keys this time around and no need to perform cracks. On release date, when the file hit filesharing, it was complete with a trojan bundled into the installer.
Msg#: 3895103 posted 1:21 am on Jun 12, 2009 (gmt 0)
First lesson is not to go to sites like that. Apple has the trial version at their own web site. Geeeeeez.
My experience with Peer to Peer has been uniformly miserable. I tried LimeWire Mac, and it wouldn't install. And don't talk to me about Skype.
Interesting way to get past Apple security though. Get someone to give you the admin password. Apple puts in so many locks, bars, gates and even moats against this kind of thing, and these users are passing the keys to their castle to the first burglar they can find.