MacResource
Mac Botnet Launching DDOS Attacks - Printable Version



Mac Botnet Launching DDOS Attacks - Doc - 04-17-2009

http://blogs.zdnet.com/security/?p=3157

All because you downloaded the torrent instead of hitting the newsgroups buying legit software.

You should be ashamed of yourselves.

Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine...



Re: Mac Botnet Launching DDOS Attacks - lazydays - 04-17-2009

I am skeptical.


Re: Mac Botnet Launching DDOS Attacks - Blankity Blank - 04-17-2009

Doc wrote:
Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple’s iWork 09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine...

It sounds a little weasel wordy. They found a "link". "... what appears to be the first Mac OS X botnet...". Do they have conclusive evidence or not? How big of a botnet could you really build off of pirated copies of iWork anyway if you're not using a method designed to propagate from machine to machine?

It seems like if you wanted to really build a good sized botnet you'd use something hotter and "sexier" than iWork. But I guess you never know. Still, I can't help but detect at least a slight whiff of FUD.


Re: Mac Botnet Launching DDOS Attacks - cbelt3 - 04-17-2009

I'm not too skeptical. It's a classic trojan horse, not a 'virus' or classic Windows malware that is delivered through some sort of web-by thing.

The morans who downloaded this actually installed it using their administrative passwords. So unless they're running Little Snitch or the firewall, they've been ownzed.


Re: Mac Botnet Launching DDOS Attacks - Doc - 04-17-2009

'Thing is, the trojan was detected pretty early on. 'Easy enough to figure out what it'd do. The only question was when it was gonna be used.
http://www.macworld.com/article/138432/piratedphotoshop.html

Press releases from Symantec are often little more than fear-mongering, but this was not published in a press-release. It came out in a trade-publication where people will undoubtedly try to reproduce their results.


Re: Mac Botnet Launching DDOS Attacks - Filliam H. Muffman - 04-17-2009

News about the trojan surfaced 4 months ago.

INTEGO SECURITY ALERT - January 22, 2009 Mac Trojan Horse OSX.Trojan.iServices.A Found in Pirated Apple iWork 09 http://www.intego.com/news/ism0901.asp
Symantec uncovers Trojan concealed in pirate copies of Apple’s iWork ‘09 http://www.symantec.com/en/uk/about/news/release/article.jsp?prid=20090123_11
Mac OS X Malware found in pirated Apple iWork 09 January 22nd, 2009 8:53 am* http://blogs.zdnet.com/security/?p=2418
iWork '09 Torrent Carrying OS X Trojan [Updated] January 22, 2009 02:19 PM EST http://www.macrumors.com/2009/01/22/iwork-09-torrent-carrying-os-x-trojan/
Trojan hides in pirated copies of Apple's iWork '09 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126609
Trojan found in pirated Apple iWork software January 22, 2009 1:07 PM PST http://news.cnet.com/8301-1009_3-10148359-83.html
Mac Trojan Hidden Beneath Pirated iWork ‘09 January 23, 2009 http://blog.trendmicro.com/mac-trojan-hidden-beneath-pirated-iwork-09/
Intego: Mac trojan horse found in pirated Apple iWork ‘09 January 22, 2009 11:37 AM EDT http://www.macdailynews.com/index.php/weblog/comments/19844/
Intego: Pirated iWork ‘09 Hides Trojan January 22nd, 2009 at 9:01 AM http://www.macobserver.com/tmo/article/intego_pirated_iwork_09_hides_trojan/
BitTorrent copies of iWork '09 may contain nasty Trojan Jan 22nd 2009 http://www.tuaw.com/2009/01/22/bittorrent-copies-of-iwork-09-may-contain-nasty-trojan/
I think that is most of the major links from http://macsurfer.com/?ndate=2009-01-22

News about the attacks surfaces.

* iBotnet: Researchers find signs of zombie Macs April 16th, 2009 http://blogs.zdnet.com/security/?p=3157

Edit: D'oh! forgot the link to a removal utility.
iWorkServices Trojan Horse Removal Tool for Mac OS X Free PSA - OSX.Trojan.iServices.A http://macscan.securemac.com/iworkservices-trojan-horse-removal-tool-free-psa-tool-for-mac-os-x