When I write about Mac issues, I usually find myself abused by individuals convinced that there are no Mac viruses, never were any Mac viruses, and never could be any Mac viruses. Less advanced cases sometimes admit that there is Mac malware (and malware that isn't Mac-specific, but can affect Mac users), but buy into some interesting assumptions:

  • Only viruses count. It doesn't matter how much damage a Trojan does, or what information it steals, if it doesn't self-replicate. Pushing it out via spammed URLs, for instance, doesn't count.
  • All Windows malware is self-launching, not user-launched, but Apple are better at patching than Microsoft so there are no OS X vulnerabilities. In other words, in the unlikely event that a programming flaw that would expose users to malicious code ever occurred in an Apple application or OS version, it would be fixed before any of the bad guys noticed. Hmm....
  • No Mac user would ever fall for social engineering tricks anyway, and certainly wouldn't enter an administrator password so that they could run a porn movie. Well, I do believe that, and my friends the pixies have confirmed it.

So, rather than my trying to confuse anyone with facts, feel free to assume that the analysis by Mario Ballano Barcena and Alfredo Pesoli in this month's Virus Bulletin, wittily entitled "The New iBotnet" is complete fiction. For those of us on planet Earth, though, it makes interesting and not entirely comfortable reading. (I'm afraid it's only available to Virus Bulletin subscribers at the moment.)

The article describes two variants of the Trojan variously known as OSX.Iservice, OSX/iWorkS, and OSX/IWService, which are distributed as alleged cracked copies of iWork '09 and Photoshop CS4 shared on the torrent network.

(Don't underestimate the viability of such networks for the distribution of malware as well as pirated applications and other material: more illegal copies of one of my books were distributed in the first few weeks than have been bought legally since. In fact, one of them was in my possession long before my author's copies arrived!)

 I won't go into the techie stuff, but what most people will probably find interesting is that this is probably the first instance of a real, functioning Mac botnet: infected machines are reported to have been used in a Distributed Denial of Service attack (DDoS).

BBC involvement is not suspected. 

David Harley
Director of Malware Intelligence