In their latest “Virus Bulletin” Symantec employees report that obviously the first Mac OS based botnet has appeared. They call it the iBotnet. Two trojan malwares could be identified as:
The trojans aim at gaining the user password or the root password – depending on what configuration you’re running. By default the “root” account is disabled on OS X and therefore user rights are getting leveled in certain situations. When having gained the user or root password the system is compromised and gets added to the botnet.
Both these files are getting distributed currently via peer2peer networks like bittorrent. The trojans are included in illegal copies of
- iWork09 and
- Adobe Photoshop CS 4
It is estimated that some thousand Macs are already infected.
There is strong revealing that the botnet already has been used for Distributed-Denial-of-Service (DDoS) attacks using a PHP script.
From analyzing the trojans the Symantec guys reason that there might also be other versions already in the wild, since it seems to be a kinda flexible and expandable technique. Our recommendation: get yourself a virus scanner for your Mac, asap.