
Mac attack: Bot herders going after Apple computers

Mac users, your time has come. Macs have long been immune from virus and trojan attacks invading through internet connections, but bot herders have found a way to infest them: via pirated software.

The finger is being pointed at BitTorrent, a popular peer-to-peer site that enables users to share large files, as the avenue by which pirated copies of Apple's iWork '09 and Adobe Photoshop CS4 were downloaded onto Mac computers. The applications reportedly work, but embedded in their code is a trojan called OSX.Iservice.

Joris Evers, a spokesman for McAfee, explained in an email on Friday that this Mac trojan was first found in January and installs remote control software on the Mac. The infected machine then begins contacting other hosts in its P2P network for commands, including what may be a first in the Mac world: the launch of denial-of-service attacks capable of bringing down websites or web servers.

Researchers Mario Ballano Barcena and Alfredo Pesoli at Symantec, Ireland, writing in the April 2009 issue of the Virus Bulletin [subscription needed], describe this as the “first real attempt to create a Mac botnet.”

The trojan going after Macs, dubbed the iBotnet by the Symantec researchers, had infected only a few thousand computers before it was identified, though some estimates place the figure in the tens of thousands. Experts at security firms say the trojan can be easily removed once it has been identified.

"Quite frankly there is no functionality in this 'bot' that we have not seen before," said Dave Marcus, head of research and communications at McAfee Avert Labs, in a blog post. "The only thing of concern is that it affects the Mac platform, which certainly is fresh territory."

Up until this incident, Apple computers have been relatively free of viruses and trojans. With a single-digit share of the PC market, Macs had escaped attention. Cyberthieves were after big targets to create the biggest network possible, experts explain, and that meant going after Windows-based machines. The recent Conficker worm, for example, is believed to have spread to as many as 12 million machines.

But, as Randy Abrams, director of technical education at ESET, pointed out on Friday, the market for computers is so huge now that even an 8 or 9 percent market share is a big number.

"There are enough Macs out there now that it's not much of a leap of faith to see people switch to Macs in an attempt to make money," he said.

The primary way they do that, he explained, is through extortion. After their denial-of-service attack shuts down a website, the bad guys will approach the company with a ransom demand to get the site back up. This is a particularly effective method with gambling sites, for example, which lose a lot of money being offline.

Then too, there's the fact that there's a lot less anti-virus software for the Mac, Abrams adds. "The Mac community has been led to believe they don't need AV," he said.

But that may be about to change as the market for Macs increases and more vendors of anti-virus products are looking at offerings for the Mac system.

"Mac users are no less susceptible to social engineering than Windows users," said ESET's Abrams. "They are as exploitable and have as much greed as Windows users."

To avoid these sorts of traps, Abrams said that educating computer users is the key. He recommended a website from the National Cyber Security Alliance for all computer users to learn best practices and gain a better understanding of what to look out for.
