A Mac first - botnet is active
After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet
After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded.
"The installer contains two files called OSX.Trojan.iServicesA and OSX.Trojan.iServicesB. These are installed alongside the full software package."Security experts Symantec caution that the iServices botnet code is structured to be extremely flexible, which could result in variations of the Trojan surfacing in the next couple of months. Symptoms users should be aware of begin with excessive CPU usage on their Macs (a result of instigating a denial-of-services attack on Web sites).
This malicious software has the capability to produce peer-to-peer communication, remote start-ups, and encryption, said researchers Mario Ballano Barcena and Alfredo Pesoli.
A botnet is a group of computers unknowingly linked together and remotely administered to perform specific tasks. Most commonly, they send out e-mail spam and collect and report personal information.
Although it is extremely unlikely that most users have an infected computer--currently the only way to get the Trojan is by illegally downloading iWork '09 or Photoshop CS4, typically from peer-to-peer Web sites, installing it, and entering your administrator password--there are a few ways to check your system.
1. Most antivirus software has been updated to block the iServices botnet. Companies such as SecureMac offer removal tools specifically designed to block iServices.
2. You may be able to neutralize the activity of the Trojan by deleting these folders:1. "System/Library/StartupItems/DivX"3. The most effective way of staying safe is by not subjecting your Mac to even the possibility of being infected by malicious software--most abundantly distributed in pirated software packages, so don't download pirated software.
Read the MacWorld U.K. article describing the activation of the iServices botnet.
Click here to download and install iServices Trojan Removal tool.
(Note: this will begin an immediate download from MacScan.)
Experiencing problems? Have feedback? Let us know!Resources