Cybercriminals create first known Mac-based Botnet

cwa107 · Apr 16, 2009

Let this be a warning to those of you using pirated software...

A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers.

Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork '09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network.

Once downloaded, the applications themselves worked normally, but the Trojan opens a "back door" on the compromised computer that allows it to begin contacting other hosts in its peer-to-peer network for commands.

More here.

RONE · Apr 16, 2009

Old news.

livinitup1 · Apr 16, 2009

Well, when I get my Mac I'll get iWork 09 preinstalled so it's cheaper. The only stuff I download now are just movies and music, no more programs/executables. I guess Mac trojans are on the rise now that more people are buying them than before.

cwa107 · Apr 16, 2009

livinitup1 said:
Well, when I get my Mac I'll get iWork 09 preinstalled so it's cheaper. The only stuff I download now are just movies and music, no more programs/executables. I guess Mac trojans are on the rise now that more people are buying them than before.

You are perpetuating the security through obscurity myth, which has been debunked a thousand times.

vansmith · Apr 16, 2009

livinitup1 said:
The only stuff I download now are just movies and music, no more programs/executables.

Aside from still probably being illegal in your jurisdiction, that logic is horribly flawed.

Downloading just music/movies doesn't exonerate you from legal recourse nor does it assure you that you are safe from trojans/viruses. I also see a sense of unwarranted paranoia. Just because something happens to one small group doesn't mean it will happen to you. I am by no means encouraging you to download programs illegally/condoning piracy but you seem to take a fatalist attitude towards this.

On a bit of an aside, did anyone see the Daily Show Tuesday with the pirate story? I forget the exact wording but Stewart said something along the lines of "now pirates have to go back to their old name, thieves".

DarkestRitual · Apr 16, 2009

Oh god that was classic.

I watched it on hulu last night. Now I'm going to watch yesterday's episode. No comedy central anymore since I moved to Ithaca, fiancee has only basic cable now. That'll change soon.

vxd · Apr 17, 2009

I find it hilarious that by just hearing or reading the words Mac, PC or Windows we all become kids in the playground comparing who has the best toys.

Kid 1: "My Transformer is more expensive, so it's better"
Kid 2: "NO!, Your Transformer are for babies, it doesn't do anything but shine. My Transformer is a lot better because it cost half the price of your one, it's bigger and you can replace and upgrade the parts
Kid 3: "Yeah so, at least my one doesn't break when I play with it."

Oh yeah I'm referring to the comments from that site

cwa107 · Apr 17, 2009

vxd said:
I find it hilarious that by just hearing or reading the words Mac, PC or Windows we all become kids in the playground comparing who has the best toys.

Kid 1: "My Transformer is more expensive, so it's better"
Kid 2: "NO!, Your Transformer are for babies, it doesn't do anything but shine. My Transformer is a lot better because it cost half the price of your one, it's bigger and you can replace and upgrade the parts
Kid 3: "Yeah so, at least my one doesn't break when I play with it."

Oh yeah I'm referring to the comments from that site

Especially in this day and age when almost EVERY Mac user has a Windows machine (or at least runs one in virtualization or dual-boots).

It was different back in the days when you had to decide on one computer, one platform. But now that computers have become so ubiquitous and relatively cheap, I'm not sure why we feel compelled to evangelize for one system over another.

the8thark · Apr 17, 2009

Not so ubiquitous and relatively cheap for some. But I agree they are within reach of many people these days.

Colonel Panic · Apr 17, 2009

cwa107 said:
You are perpetuating the security through obscurity myth, which has been debunked a thousand times.

Has it? Not trying to start a flame war, but when I read stuff like this from Pwn2Own hacker Charlie Miller, I'm sure what to believe.

"Why Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it."

fleurya · Apr 17, 2009

RONE said:
Old news.

There's no need to be a jerk. I know this botnet was being downloaded in January, but it doesn't seem to be posted on this site anywhere? Maybe he's just trying to spread awareness and help out his fellow Mac users.

cwa107 · Apr 17, 2009

Colonel Panic said:
Has it? Not trying to start a flame war, but when I read stuff like this from Pwn2Own hacker Charlie Miller, I'm sure what to believe.

"Why Safari?

It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it."

The Security through Obscurity Myth asserts that there are less security issues with Macs because they have such an insignificant marketshare.

I think this article argues that Macs are inherently insecure because Apple hasn't taken the time to integrate any anti-exploit mitigation (and if it were true, I'd tend to think we'd be awash in web-based exploits).

Colonel Panic · Apr 17, 2009

cwa107 said:
I'd tend to think we'd be awash in web-based exploits).

Maybe we aren't b/c of marketshare.

cwa107 · Apr 17, 2009

Colonel Panic said:
Maybe we aren't b/c of marketshare.

Apple has been touting the security of Mac OS X since it was introduced, and Mac fans have been rubbing it in the face of Windows users for even longer. Don't you think that if it were really that simple, at least a few people would be tempted to claim the prize of writing the first Mac virus?

dtravis7 · Apr 17, 2009

cwa107 said:
Apple has been touting the security of Mac OS X since it was introduced, and Mac fans have been rubbing it in the face of Windows users for even longer. Don't you think that if it were really that simple, at least a few people would be tempted to claim the prize of writing the first Mac virus?

That I completely agree with. If it was that easy there are many hackers that would do it just to shut up the Mac users once and for all. It's been tried many times trust me. Once I was on a forum late at night and a hacker tried to trick me into downloading an OSX exploit. I did just to see what would happen. It really did not work even after I entered the System Password. And what he tried was patched 3 years ago now by Apple.

The Video Codec one from some video sites does work though but you do have to enter the password and install the Codec. I did it on my old G4 tower and was able to remove it in 30 seconds without the aid of any removal tool. No damage done, just DNS redirects till I took it out.

On a Windows system I would never have even installed it in the first place and it might have taken hours to get rid of completely.

If OSX was that easy to hack, trust me, there would be Malware all over the place for it. Am I saying it can never happen? No, not at all. NO system is 100% safe, but if you use your head and don't download every Codec and piece of Pirated software out there, you will probably be fine.

McBie · Apr 17, 2009

The challenge will be to know / detect if your computer ( Any OS ) has been compromised.
In todays cybercrime environment, a lot of effort is put in to make malicious code nearly invisible and keep low profile.

Every day experience tells me that there are some clever people out there writing malicious stuff and new concepts are being tried all the time.

Most important thing is to try and change people's behavior. It has been said many times before .... be vigilant.

" If we want things to stay as they are, things will have to change. "

Cheers
McBie

louishen · Apr 17, 2009

IF the security through obscurity myth were at all true, then the mac should get between 5 to 10% of the infections out there since it is still a market worth exploiting

Other minority web platforms have malware, including Linux, Symbian, Palm OS and Windows Mobile

I am not saying that OS X is immune to viruses, but if the job of spreading malware on the platform was easy, then we should have the same amount of malware as other minority OSes

TiggerRPh · Apr 22, 2009

I think this does bring up the question of whether this will make any Mac user purchase security software when prior to this threat they might not have.

Cybercriminals create first known Mac-based Botnet

cwa107

RONE

livinitup1

cwa107

vansmith

Senior Member

DarkestRitual

vxd

cwa107

the8thark

Colonel Panic

fleurya

cwa107

Colonel Panic

cwa107

dtravis7

McBie

louishen

TiggerRPh

Shop Amazon