A Mac first - botnet is active

CNET staff
After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded.

From MacWorld U.K.:

"The installer contains two files called OSX.Trojan.iServicesA and OSX.Trojan.iServicesB. These are installed alongside the full software package."

Security experts at Symantec caution that the iServices botnet code is structured to be extremely flexible, which could result in variations of the Trojan surfacing in the next couple of months. Symptoms users should watch for begin with excessive CPU usage on their Macs (a result of the Trojan instigating a denial-of-service attack on Web sites).

This malicious software has the capability to produce peer-to-peer communication, remote start-ups, and encryption, said researchers Mario Ballano Barcena and Alfredo Pesoli.

A botnet is a group of computers unknowingly linked together and remotely administered to perform specific tasks. Most commonly, they send out e-mail spam and collect and report personal information.

Be protected
Although it is extremely unlikely that most users have an infected computer--currently the only way to get the Trojan is by illegally downloading iWork '09 or Photoshop CS4, typically from peer-to-peer Web sites, installing it, and entering your administrator password--there are a few ways to check your system.

1. Most antivirus software has been updated to block the iServices botnet. Companies such as SecureMac offer removal tools specifically designed to block iServices.
2. You may be able to neutralize the activity of the Trojan by deleting these folders:
   1. "System/Library/StartupItems/DivX"
   2. "System/Library/StartupItems/iWorkServices"
3. The most effective way of staying safe is to not expose your Mac to even the possibility of infection. Malicious software is most abundantly distributed in pirated software packages, so don't download pirated software.
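
The folder check from step 2, as an added example (not code from the article or from any vendor's removal tool): a shell function that reports, without deleting anything, whether either folder exists. The `ROOT` argument and the `/Volumes/Suspect` mount point in the usage comment are assumptions of this example; the two paths are taken from the list above and treated as relative to the volume root.

```shell
#!/bin/sh
# Added example: report (never delete) the two StartupItems folders named
# in the article. ROOT is an assumption of this example: "/" for the
# running system, or the mount point of another volume or disk image.
# Usage: check_iservices /    or    check_iservices /Volumes/Suspect

# Paths as the article lists them, relative to the volume root.
ISERVICES_DIRS="System/Library/StartupItems/DivX
System/Library/StartupItems/iWorkServices"

# check_iservices ROOT
# Prints one FOUND line per folder present. Returns 0 if neither folder
# exists, 1 if at least one does, 2 if ROOT is not a directory.
check_iservices() {
    root=${1:-/}
    [ -d "$root" ] || { echo "error: $root is not a directory" >&2; return 2; }
    found=0
    # Read the list line by line; the here-document keeps the loop in
    # the current shell so that $found survives it.
    while IFS= read -r rel; do
        path="${root%/}/$rel"
        # -L also catches a dangling symlink left at that name.
        if [ -e "$path" ] || [ -L "$path" ]; then
            found=1
            echo "FOUND: $path"
            # Record contents and timestamps before any cleanup.
            ls -la "$path" 2>/dev/null | sed 's/^/    /'
        fi
    done <<EOF
$ISERVICES_DIRS
EOF
    [ "$found" -eq 0 ] && echo "No iServices StartupItems folders under $root"
    return "$found"
}
```

Running the check against a mounted copy of the disk rather than the live system keeps the suspect StartupItems from executing while you inspect them.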

Resources
Read the MacWorld U.K. article describing the activation of the iServices botnet.
Click here to download and install iServices Trojan Removal tool.
(Note: this will begin an immediate download from MacScan.)
