April 17, 2009, 1:53 PM — Over the years, Mac users have been lucky enough that the word "zombie" only conjures up the shambling brain-craving hordes of the undead in movies like Shaun of the Dead, but Windows users have long been dealing with the menace of zombie botnets--networks of PCs corrupted by malware into vectors for malicious attacks. Now two researchers claim to have discovered the first Mac zombie botnet in existence and have published a paper in Virus Bulletin (subscription required).
The botnet stems from a Trojan horse embedded in a iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.
Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines. They also conclude that the author of the malware was not the same person using it to launch the denial-of-service (DoS) attacks on Web sites including, according to the Washington Post's Brian Krebs, a site called "dollarcardmarketing.com." The infected package has apparently been download several thousand times, though it also needs to be installed in order to do its dirty work.
It seems likely that this development will spawn a new era of argument over the relative security merits of Macs and PCs. But Trojan horses on OS X are nothing new; the lesson here is the same old saw about practicing safe computing--for example, don't download software from suspicious sources. As developer Pete Yandrell, one of the first to discover the Trojan's nefarious deeds, said, "If I'd done the smart thing, and got my copy straight from Apple, I wouldn't have had this problem."
