Remember a while ago when pre-release copies of iWork ’09 showed up on P2P networks? And remember how those copies were later found to contain a pesky little trojan? Well, researchers at Symantec are reporting that infected P2P copies of both iWork ’09 and Adobe CS4 contained a malicious trojan designed to create the first ever reported botnet of Mac computers.
Once downloaded, the applications themselves worked normally, but the Trojan opens a “back door” on the compromised computer that allows it to begin contacting other hosts in its peer-to-peer network for commands.
A Botnet is essentially a network of computers which have been hijacked and and can thusly be directed to perform a variety of malicious functions, whether it be sending out spam, or participating in DOS attacks against targeted websites. Botnets have typically been a Windows only problem as it never made much sense to target Macs and their paltry sub 10% marketshare.
Researchers say that this is the first example of someone trying to create a botnet on the Mac platform, which they appropriately refer to it as the iBotnet.
The number of Mac computers affected by the trojan range in the thousands, which is a relatively small number by botnet standards. But as the Mac inevitably gains more market share, these types of attacks will definitely become more prominent.
But what I find most surprising in all of this is the fact that so many Mac users were actually interested in downloading copies of iWork in the first place. Since when did word processing and spreadsheets get so popular?
Thu, Apr 16, 2009
News