Friday, April 17, 2009

Attack of the Zombie Macs

Some of my best friends still use Mac-brand computers.

Now there's news that Apples might be infected with worms, after all.

Cybercriminals create botnet using Mac computers

Last Updated: Wednesday, April 15, 2009 | 5:38 PM ET

Traditionally, botnets have spread through PCs running Windows, and not Macs, in part because of the low market share worldwide of computers like the iMac, shown here behind Apple CEO Steve Jobs in a 2006 photo. (Paul Sakuma/Associated Press)

A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers.

Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork '09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer BitTorrent network.

Once downloaded, the applications themselves worked normally, but the Trojan opens a "back door" on the compromised computer that allows it to begin contacting other hosts in its peer-to-peer network for commands.

A botnet, or robot network, is a group of linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perform a host of actions, from connecting and infecting other computers to sending out spam or launching distributed denial of service attacks to bring down websites or web servers.

But traditionally, botnets have spread through PCs running Windows, and not Macs, in part because of the low market share of Macs worldwide.

The malicious software, or malware, is unique, however, in that it only clearly targeted Mac users and also included a variation — found in the corrupted Adobe Photoshop CS4 file — that used some of the functions on the Mac OS that relate to its own authorization services interface, according to the Symantec Ireland authors.

"With malware authors showing an increasing interest in the Mac platform, we believe that more advanced [user interface] spoofing tricks may be seen in the future," they wrote.

Ryan Naraine, the security evangelist at Kaspersky Lab, said that while a Mac botnet may not be practical for criminals, the discovery of the Trojan is proof that no operating system is inherently safe.