Mac Trojan Horse OSX.Trojan.iServices.A
Wednesday, January 28, 2009 at 01:38PM
drStrangeP0rk in Mac OSX Trojan, Trojan

I debated even including this, since if you download illegal software you do so at your own risk. Currently circulating on various BitTorrent tracker sites and other sites which are known to offer pirated software is a Mac Trojan horse named OSX.Trojan.iServices.A. When a user installs the illegal copy of iWork, the first item installed is this Trojan, in /System/Library/StartupItems/iWorkServices. The Trojan notifies the attacker that it is alive. The attacker can then remotely connect to the compromised system and perform operations as root. (If you have set up your system as root and have a limited admin, the Trojan executes at that privilege level.)
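A check for the StartupItems entry described above, as an added example that is not part of the original post. Only the iWorkServices path comes from the post; the function name, variable names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a Mac OS X volume for the
# StartupItems entry the post names. Only the iWorkServices path comes from
# the post; the function name and exit codes are this example's own.

IOC_NAME="iWorkServices"                      # item name from the post
STARTUP_REL="System/Library/StartupItems"     # parent directory from the post

# scan_startupitems ROOT
#   ROOT is "/" for the running system, or the mount point of a backup/image.
#   Returns 0 = entry absent, 1 = entry present, 2 = StartupItems dir not found
#   (wrong ROOT), so a mistyped mount point is never reported as clean.
scan_startupitems() {
    root="${1:-/}"
    dir="${root%/}/$STARTUP_REL"

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir does not exist; is $root a Mac OS X volume?" >&2
        return 2
    fi

    # List every startup item with owner, mode and mtime for manual review.
    echo "Startup items under $dir:"
    ls -la "$dir"

    hit="$dir/$IOC_NAME"
    # -L catches a dangling symlink that -e would miss.
    if [ -e "$hit" ] || [ -L "$hit" ]; then
        echo "FOUND: $hit"
        # Show the contents so they can be preserved before cleanup.
        find "$hit" -exec ls -ld {} \;
        return 1
    fi

    echo "Not found: $hit"
    return 0
}
```

Source the file and call `scan_startupitems /` on the running system, or pass the mount point of a backup volume. A return of 0 only says this one entry is absent from that volume.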

Make sure never to install illegal software on your computer! When using BitTorrent, always know the source and confirm the MD5 and SHA against the developer's site; contact them if you must. There is no 100% protection, and most Open Source offerings are sound; you, however, are responsible for the accumulation of evidence to establish an acceptable chain of trust. Know what you're getting, check what you're getting, trust what you're getting.

Remember Mr. Mulder, "Trust NO ONE." X

Update on Friday, April 17, 2009 at 06:58PM by Registered Commenter drStrangeP0rk

The botnet that was created using pirated versions of iWork 09 and Photoshop CS4 from BitTorrent sites has become active. This was not the first, nor will it be the last; reports of it being the first Mac-based botnet are a selling point, nothing more. The Mac, being a Unix platform, is susceptible to a host of rootkits and remote control exploitation. (Who hasn't in the past aliased a command on a Unix box for fun?) That has happened on occasion in the past, but now the Macintosh platform has gained a place at the table of larger groups of users, which includes former Windows loyalists.

This botnet takes advantage of the PHP install on Mac OS X with root privileges. (Understanding access controls and user credentials can limit this attack, which is true of many botnet trojans.) This botnet will have little impact due to the Mac market share, but if you illegally downloaded iWork or Photoshop CS4 and are infected by OSX.Iservice, you can expect to experience a massive slowdown. This is due to your Mac's participation within a botnet to perform DDoS attacks on targets.

A botnet is a collection of computers that act in tandem to perform an orchestrated attack. The infected machines are called zombies, which can act independently using presets or be controlled by a botnet master to do his or her bidding.

 

http://blogs.zdnet.com/security/?p=3157

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.