Trojan Horse May be Hitting Mac Users

Forum Moderators: travelin cat

Message Too Old, No Replies

Trojan Horse May be Hitting Mac Users

engine

9:06 am on Apr 18, 2009 (gmt 0)

Trojan Horse May be Hitting Mac Users [pcworld.com]

Over the years, Mac users have been lucky enough that the word "zombie" only conjures up the shambling brain-craving hordes of the undead in movies like Shaun of the Dead, but Windows users have long been dealing with the menace of zombie botnets--networks of PCs corrupted by malware into vectors for malicious attacks. Now two researchers claim to have discovered the first Mac zombie botnet in existence and have published a paper in Virus Bulletin (subscription required).
The botnet stems from a Trojan horse embedded in a iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.
Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines.

whoisgregg

2:18 pm on Apr 18, 2009 (gmt 0)

making the rounds on file-sharing networks

Lesson: Don't trust file-sharing networks.

travelin cat

2:25 pm on Apr 18, 2009 (gmt 0)

Not sure why anyone would download iWork from any place but Apple, it's the same price (free) and a trusted source.

swa66

6:43 pm on Apr 18, 2009 (gmt 0)

iWork 09 isn't actually free AFAIK (compared to e.g. office it's really cheap, but not free). It doesn't even come for free with a new mac (iLife 09 does).

travelin cat

7:23 pm on Apr 18, 2009 (gmt 0)

It's not free but the trial version which is carrying the Trojan is.

swa66

7:35 pm on Apr 18, 2009 (gmt 0)

Well that trial bundled with a Trojan isn't "marketed" as a trial, it's pretending to be the real thing.

BillyS

12:37 am on Apr 19, 2009 (gmt 0)

Mac attack? Better switch to Windows...

Bewenched

2:39 pm on Apr 20, 2009 (gmt 0)

It's actually quite a few programs carrying it.

A Mac OS X botnet is turning infected computers into attacker-controlled zombies designed to steal information, according to researchers. The Mac botnet, a network of infected computers controlled by an attacker usually for malicious purposes, gained traction after attackers launched malicious software attached to pirated versions of the Mac productivity suite iWork �09, and Adobe Photoshop CS4 for Mac. The Mac malware spread on BitTorrent trackers and other peer-to-peer sites that contain links to pirated software. Symantec researchers Mario Ballano Barcena and Alfredo Fesoli discovered that the two separate variants of the Mac malware have now developed into a full-fledged Mac botnet, complete with information-stealing code. - From Channel Web

full story
[crn.com...]

EliteWeb

4:25 pm on Apr 22, 2009 (gmt 0)

One of the major reasons this was downloaded so fast is that Apple announced that iWork would not have DRM. No need for serial keys this time around and no need to perform cracks. On release date when the file hit filesharing it was complete with a trojan bundled into the installer.

Baruch Menachem

1:21 am on Jun 12, 2009 (gmt 0)

First lesson is not to go to sites like that. Apple has the trial version at their own web site. Geeeeeez.

My experience with Peer to Peer has been uniformly miserable. I tried lime wire mac, and it wouldn't install. And don't talk to me about Skype.

Interesting way to get past apple security though. Get someone to give you the admin password. Apple puts in so many locks, bars, gates and even moats against this kind of thing, and these users are passing the keys to their castle to the first burglar they can find.

Makes you wonder