When I write about Mac issues, I usually find myself abused by individuals convinced that there are no Mac viruses, never were any Mac viruses, and never could be any Mac viruses. Less advanced cases sometimes admit that there is Mac malware (and malware that isn’t Mac-specific, but can affect Mac users), but buy into some interesting assumptions:
So, rather than my trying to confuse anyone with facts, feel free to assume that the analysis by Mario Ballano Barcena and Alfredo Pesoli in this month’s Virus Bulletin, wittily entitled "The New iBotnet", is complete fiction. For those of us on planet Earth, though, it makes interesting and not entirely comfortable reading. (I’m afraid it’s only available to Virus Bulletin subscribers at the moment.)
The article describes two variants of the Trojan variously known as OSX.Iservice, OSX/iWorkS, and OSX/IWService, which are distributed as alleged cracked copies of iWork ’09 and Photoshop CS4 shared on the torrent network.
(Don’t underestimate the viability of such networks for the distribution of malware as well as pirated applications and other material: more illegal copies of one of my books were distributed in the first few weeks than have been bought legally since. In fact, one of them was in my possession long before my author’s copies arrived!)
I won’t go into the techie stuff, but what most people will probably find interesting is that this is probably the first instance of a real, functioning Mac botnet: infected machines are reported to have been used in a Distributed Denial of Service attack (DDoS).
BBC involvement is not suspected.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET