Mac Trojan Builds Botnet, Symantec Researchers Say
A Trojan infecting users of pirated Mac software earlier in 2009 built a botnet used in a denial-of-service attack, according to an article published by two Symantec researchers. It is believed to be the first known Mac botnet.Malware attacks targeting users of pirated Mac software earlier in 2009 culminated in the creation of the first known Mac botnet, according to Symantec. According to researchers at Symantec, the Mac botnet was built on the backs of users of pirated versions of iWork '09 and the Mac version of Adobe Photoshop CS4. In an article in the latest edition of Virus Bulletin, Symantec researchers Mario Barcena and Alfredo Pesoli of Symantec Ireland dubbed the network of computers iBotnet and stated it was used to launch a denial-of-service attack against a Web site in January.
The botnet is not especially large, most likely due to the fact that it was targeting users of pirated software. When Mac-focused security company Intego first released an advisory about the Trojan in late January, it put the number of infected computers at 5,000. The malware that infected the bots, known as OSX.Iservice, installs a backdoor on infected systems and begins contacting other hosts for commands. Hidden in the pirated software, the malware infects users sharing the files over peer-to-peer networks.