Apple Macintosh computers have long gone unnoticed in the computer security world, mainly because hackers have rarely targeted them. Why target a system with such a small market share when there’s Windows to exploit? But lately the Mac is making headway in the war against Windows, and black hats have taken notice.
Bundled in with illegal downloads of things like Apple’s iWork 09 productivity suite and Adobe’s Photoshop CS4 from warez websites has come something new: a Macintosh-specific trojan horse virus. And not just any virus, but a complex and elegant botnet. Known as OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, as just iServices.A and iServices.B, or grouped generally as OSX.Iservice, this botnet trojan is no simple bang-out from your average script kiddie. It has its own peer-to-peer (p2p) engine, it has startup and encryption services, and it is designed around a highly adaptable structure. In other words, it’s everything a dangerous virus should be. And the botnet of zombie Macs infested with this virus is already launching Denial of Service (DoS) attacks, just like you’d expect from a PC.
“The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it – and therefore we would not be surprised to see a new, modified variant in the near future,” say virus researchers Mario Ballano Barcena and Alfredo Pesoli. To which they add, “With malware authors showing an increasing interest in the Mac platform, we believe that more advanced [user interface] spoofing tricks may be seen in the future.”
I’ve been warning about it for a long time. As Macs regain popularity (especially with the world disgruntled with Windows Vista), the “safety” of the Apple Macintosh is a thing of the past. The only reason Macs traditionally haven’t been riddled with viruses like PCs have is that Macs are a niche market. But as their market share grows, so too does the big bullseye on them. We’ve been seeing more viruses hitting Macintoshes lately, and now we’ve seen the first true in-the-field Mac zombie botnet. Mac security may never be the same again. The curtain has been pulled, and we’ve found The Wizard to be nothing more than the same hackable software as everyone else’s.