We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hackers activate first Mac OS X botnet

Trojan creator may not be behind activation

The first botnet designed to attack Apple's Mac OS X operating system has been activated, according to rumours on the web.

Botnets are computers that have been unwittingly linked together via virus infection, or by installing malicious software from the internet. The group of machines can then be remotely controlled to perform tasks. Typically they send out spam email, perform DDoS attacks, and gather personal information.

In January it was revealed that illegal copies of iWork '09 and Photoshop CS4 - distributed via peer-to-peer (P2P) networks - were infected with a trojan called iServices. It now appears that the botnet created from this trojan has been activated, marking this the first time a Mac OS X botnet has appeared.

An Australian blogger said: "I found bunch of processes chewing 100 percent CPU on my laptop (OS X 10.5.6). Upon examining the script for the process, it turned out to be a PHP script running a DDoS attack on a website.

The installer contains two files called OSX.Trojan.iServicesA and OSX.Trojan.iServicesB. These are installed alongside the full software package.

Two Security Researchers at Symantec, Mario Ballano Barcena and Alfredo Pesoli, said in a Virus Bulletin that the malware has peer-to-peer communication, remote start-up, and encryption capabilities.

"The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it - and therefore we would not be surprised to see a new, modified variant in the near future."

Interestingly, the two researchers also claim that the person who activated the botnet, was not the same as the person who created it.

Intego reported in January that 20,000 people had downloaded the infected installer.

After the trojans were first reported in January, most anti-virus software was updated to protect against the iServices trojan.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model