A Trojan infecting users of pirated Mac software earlier in 2009 built a botnet used in a denial-of-service attack, according to an article published by two Symantec researchers. It is believed to be the first known Mac botnet.

Malware attacks targeting users of pirated Mac software earlier in 2009 culminated
in the creation of the first known Mac botnet, according to Symantec.
According to researchers at Symantec, the
Mac botnet was built on the backs of users of pirated versions of iWork '09
and the Mac version of Adobe Photoshop CS4. In an article in the latest edition
of Virus Bulletin, researchers Mario Barcena and Alfredo Pesoli of
Symantec Ireland
dubbed the network of computers iBotnet and stated it was used to launch a denial-of-service attack against
a Web site in January.
The botnet is not especially large, most likely due to the fact
that it was targeting users of pirated software. When Mac-focused security
company Intego first released an advisory about the Trojan in late January, it put
the number of infected computers at 5,000. The malware that infected the bots,
known as OSX.Iservice, installs a backdoor on infected systems and begins
contacting other hosts for commands. Hidden in the pirated software, the
malware infects users sharing the files over peer-to-peer networks.
Talk of the botnet attracted attention because of the platform.
Historically, little in the way of malware
has touched the Mac. Depending on whom you ask, this is due to either smaller
market share (Gartner estimates Apple controlled about 7.4 percent of the market
in the first quarter of 2009) or better default security, as many Mac users
contend.
Still, a MacBook Air did fall at the annual CanSecWest Pwn2Own contest
courtesy of an exploit targeting the Safari browser. Dave Marcus, director of
security research and communications at McAfee's Avert Labs, said while Mac
users may not be immune to malware attacks, they remain largely out of the
path of attackers.
"I think what it really comes down to is it's just not on their minds
as [much as] the Windows platform," Marcus said. "We see little if
any Mac malware when you compare it to the flood of malware for the PC-based
world, [there are] literally thousands of new pieces of malware a day for the
PC world."
Perhaps the most important lesson is for users to be wary of pirated
software.
"I always describe it as training wheels for newbies, because it's just
so easy to do," said Kevin Haley, director of Symantec Security Response. "All
you need to do is go to peer-to-peer and see what people are sharing ... insert
your malware into one of those files, post it up on the peer-to-peer network
and wait for people to download it."