iWork Trojan horse may be turning Macs into zombies

April 17, 2009, 12:53 PM — 

Over the years, Mac users have been lucky enough that the word "zombie" only conjures up the shambling brain-craving hordes of the undead in movies like Shaun of the Dead, but Windows users have long been dealing with the menace of zombie botnets--networks of PCs corrupted by malware into vectors for malicious attacks. Now two researchers claim to have discovered the first Mac zombie botnet in existence and have published a paper in Virus Bulletin (subscription required).

The botnet stems from a Trojan horse embedded in an iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.

Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines. They also conclude that the author of the malware was not the same person using it to launch the denial-of-service (DoS) attacks on Web sites including, according to the Washington Post's Brian Krebs, a site called "dollarcardmarketing.com." The infected package has apparently been downloaded several thousand times, though it also needs to be installed in order to do its dirty work.

It seems likely that this development will spawn a new era of argument over the relative security merits of Macs and PCs. But Trojan horses on OS X are nothing new; the lesson here is the same old saw about practicing safe computing--for example, don't download software from suspicious sources. As developer Pete Yandrell, one of the first to discover the Trojan's nefarious deeds, said, "If I'd done the smart thing, and got my copy straight from Apple, I wouldn't have had this problem."


Comments

It's More Than A Trojan... It's a Targeted Weapon

In case anyone missed the part in the article where it said, "...person using it to launch the denial-of-service (DoS) attacks on Web sites including, according to the Washington Post's Brian Krebs, a site called 'dollarcardmarketing.com.'" So now, not only are software applications being recoded to release botnets, but they're also being picked up by other knuckle-heads to be used as a weapon.


I happen to be the owner of www.DollarCardmarketing.com and had to endure that DDoS attack. We have no idea how we got involved in this nonsense as we had nothing to do with the pirated software, nor do we even own Macs (nothing against them, I just grew up PC). I'd like to think we don't have any enemies and don't know if this was used against us from a malicious competitor, or simply lucky enough to be randomly picked as a "test site to see if it could be done". Nonetheless, we certainly didn't deserve to be attacked in this manner.


I certainly understand the sentiment of, "Anyone who downloads and installs pirated software deserves what they might have coming..." However, I also think it's now worth noting that these applications are no longer random acts of malice, but they are also being used as vehicles of specific targeted attacks.


Fortunately for us, I had some people on my side that have extensive experience in fighting off such attacks and we were able to weather the storm with little impact to our actual consumer side business.



John Valente
www.DollarCardMarketing.com