World's First Mac Botnet? Not Quite.
This morning, as I scrolled down the list of security Web sites I normally check via my RSS reader, I noticed several items referencing news about the "world's first Mac botnet." As I read on, it became clear this was neither news nor a first.
Ryan Naraine from ZDNet.com writes about a paper released via Virus Bulletin (subscription required) by a pair of Symantec researchers who found what was described as "the first Mac OS X botnet launching denial-of-service attacks."
The story goes on to describe how the researchers traced the botnet back to Mac users who had installed pirated copies of Apple's iWork 2009 software. Back in January, many tech outlets wrote about a Trojan that was being distributed with copies of iWork 2009 that were available on BitTorrent and other file-sharing services.
In my own coverage of that Trojan, I interviewed Pete Yandell, a software developer from Australia and curator of notahat.com, whose Mac was infected with this malware. Yandell informed me that as a result of his installing this modified iWork software, his Mac was ensnared in a botnet that was attacking a Web site called dollarcardmarketing.com.
In that story, I also interviewed the owner of dollarcardmarketing, who said his site was hit with a distributed denial of service (DDoS) attack that generated more than 600Gb of Web traffic above the usual monthly amount, suggesting that whatever botnet hit his site was fairly sizable.
As Yandell posted on his site back in January, this Mac botnet was described as being orchestrated by a PHP script, running as root on the infected system. Turns out, in a March 2006 post titled "When Macs Attack," I reported on the existence of a DDoS botnet that included Mac OS X systems. The botnet was being controlled by a script that took advantage of insecure installations of PHP running on Mac OS X systems as root.
April 17, 2009; 7:55 AM ET