If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.

Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.

The two variants of the iServices trojan, OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, have been implicated in at least one DDoS attack. According to researchers Mario Ballano Barcena and Alfredo Pesoli, the malware has peer-to-peer communication, remote start-up, and encryption capabilities.

"The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it—and therefore we would not be surprised to see a new, modified variant in the near future," according to their report. They also noted that the person who activated the botnet is not the same as the original author of the malware code.

After the trojans were reported in January, most anti-virus software was updated to remove the payloads associated with the iServices trojans. Removing the directories /System/Library/StartupItems/DivX and/or /System/Library/StartupItems/iWorkServices should help, but that doesn't rule out other remnants getting left behind—if you suspect you were infected with either of these trojans, you may want to look into AV software. We'll also again repeat our favored refrain of "Steer clear of pirated software and sketchy files from website or torrents," which should help you avoid infection in the first place.

While Mac OS X doesn't suffer from the sheer amount of malware that Windows does, the creation of this botnet should serve as a warning that security through obscurity isn't a sound security policy—and Macs are far from being obscure any more.

Further Reading