
Zombie Macs Launch DoS Attack

Posted by timothy
from the but-wait-you-told-me dept.
Cludge writes "ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: 'They describe this as the "first real attempt to create a Mac botnet" and note that the zombie Macs are already being used for nefarious purposes.'"

  • by tacarat (696339) on Thursday April 16, 2009 @07:51PM (#27605347) Journal
    ... that somebody didn't do it the old-fashioned way and post that the website host said bad things about Steve Jobs?
  • Sigh (Score:4, Informative)

    by Presto Vivace (882157) <marshall@prestovivace.biz> on Thursday April 16, 2009 @07:51PM (#27605349) Homepage Journal
    the end of innocence for Apple users.
    • Re:Sigh (Score:5, Insightful)

      by l0ungeb0y (442022) on Thursday April 16, 2009 @07:57PM (#27605415) Homepage Journal

      What the hell are you talking about?

      Malware, i.e. trojans, have been around for ages. This has nothing to do with the overall security of the OS and everything with the security threat the user is to themselves.

      • Re:Sigh (Score:5, Insightful)

        by Comatose51 (687974) on Thursday April 16, 2009 @08:51PM (#27605987) Homepage
        While what you say is true, taken in the context of Slashdot, it's a double standard. Whenever a trojan hits Windows, people are talking about how poorly designed Windows security is and how the user usually always runs as "administrator". People bring up how on Ubuntu and OS X, you have to sudo or log in to do administrative things. Apparently that only works to a certain extent. I use and love my Macbook Pro but let's have some fairness here (not specifically you but Slashdot in general).
        • Re: (Score:3, Interesting)

          by ianezz (31449)

          Whenever a trojan hits Windows, people are talking about how poorly designed Windows security is and how the user usually always runs as "administrator". People bring up how on Ubuntu and OS X, you have to sudo or log in to do administrative things. Apparently that only works to a certain extent

          Well, I'd say there is a difference between a software package that is a trojan from the very start and one that, by running with administrative privileges all the time, can also be exploited later at runtime into i

      • Re:Sigh (Score:4, Funny)

        by DanMelks (1108493) on Thursday April 16, 2009 @09:01PM (#27606065)
        Well, the first Troy was established approximately 3000 BCE so one might expect that trojans have been around for 5000 years. Even then people knew not to eat bad apples.
    • Re:Sigh (Score:5, Informative)

      by Tim99 (984437) on Thursday April 16, 2009 @09:49PM (#27606489)
      Before we all get too hysterical, read http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-012216-4245-99 [symantec.com]

      Threat Assessment

      Wild
      Wild Level: Low
      Number of Infections: 0 - 49
      Number of Sites: 0 - 2
      Geographical Distribution: Low
      Threat Containment: Easy
      Removal: Easy

      Damage
      Damage Level: Medium
      Payload: Opens a back door on the compromised computer.

      Distribution
      Distribution Level: Low

      Someone seems to be trying really hard to publicise a minor Trojan threat that has been published and out there since January.

  • A matter of time (Score:5, Interesting)

    by Fwipp (1473271) on Thursday April 16, 2009 @07:56PM (#27605385)
    I always wondered when those pirated copies of software would become malware vectors. Maybe the quickest way to stop software piracy is through evil copies of legitimate software.
    • Re:A matter of time (Score:5, Informative)

      by despisethesun (880261) on Thursday April 16, 2009 @08:01PM (#27605459)
      Virus infected warez have been a fixture of the PC world for well over a decade now, if not longer, and it hasn't really made a dent in piracy.
  • it just... (Score:5, Funny)

    by BloodyIron (939359) on Thursday April 16, 2009 @07:56PM (#27605389)

    it just... BBRRRAAAIINNNNSSS

  • by 140Mandak262Jamuna (970587) on Thursday April 16, 2009 @07:57PM (#27605405) Journal
    But these iZombies have such cool eye-candy the Windoze and Linux could never catch up in the cool factor in a million years!
  • by Reality Master 201 (578873) on Thursday April 16, 2009 @07:58PM (#27605419) Journal

    If a user is tricked into installing malware on a machine, the machine is infected with malware.

    It's a shame people think Macs are somehow magically protected against viruses and other nasty computer stuff, merely by virtue of the manufacturer and operating system. It's probably more of a shame that Apple has, in the past at least, marketed Macs as being (more?) immune to viruses than PCs - something which is somewhat true, but only for statistical reasons.

    It's like STDs - if you're careless and go sticking your junk everywhere without taking precautions, you'll probably catch something cruel, eventually.

    • by Anonymous Coward on Thursday April 16, 2009 @08:25PM (#27605709)

      Correct me if I'm wrong, but a trojan doesn't qualify as a "security issue" on the part of the OS. If a trojan succeeds in compromising the system, it's the fault of the user, not the OS.

      • Re: (Score:3, Insightful)

        by shird (566377)

        Yes that's correct - by definition a trojan is malicious software disguised as legitimate software. But what's your point? Who said there was a "security issue" with Mac?

        90% of the problems on Windows are attributed to users installing malicious software. This is what Mac users go about claiming they are immune to, which is ridiculous.

        Claiming to be immune to trojans is like claiming your OS is incapable of running software that can send an e-mail; after all, that is all some trojans do (i.e. spam bots).

    • by Zen Programmer (518532) on Thursday April 16, 2009 @08:28PM (#27605745)

      It's like STDs - if you're careless and go sticking your junk everywhere without taking precautions, you'll probably catch something cruel, eventually.

      That's why I run Linux. Running Linux pretty much rules out any possibility of having sex, and hence any chance of contracting an STD.

    • Re: (Score:3, Informative)

      by neoform (551705)

      I'd tend to agree that Macs are protected against viruses, provided they don't download pirated software that contains viruses.

      Also, like all linux distros, in order to do any real damage on a mac, you need to enter an admin password.. simply opening a virus infected app won't do it.

      • by Burdell (228580) on Thursday April 16, 2009 @08:40PM (#27605869)

        Also, like all linux distros, in order to do any real damage on a mac, you need to enter an admin password

        Please stop repeating this fallacy! First, on a single-user system (e.g. the vast majority of home computers), the end user has rights to all the interesting data files (songs, pictures, documents, etc.), so anything running as the user can do significant local damage. Sure, the OS and apps may be protected, but that isn't really what the end user cares about (since that's all easily replaced). However, since the goal of most viruses/worms/trojans is to control the computer for distributed and untraceable nefarious purposes (and not have the owner notice), they don't do that anymore. They cause the computer to join botnets, connect to master control servers, and wait for instructions. Sending spam, scanning other systems for vulnerabilities, hosting fast-flux phishing sites, etc. don't require elevated privilege.

  • Um (Score:5, Funny)

    by Card (30431) on Thursday April 16, 2009 @07:58PM (#27605429) Homepage

    So does this mean that Macs are finally Enterprise Ready?

  • by joocemann (1273720) on Thursday April 16, 2009 @07:59PM (#27605433)

    Mac: Hi, I'm a mac!
    PC: I'm a.. *cough* PC...
    Mac: Oh, you must be sick? Well I can't get sick.
    PC: really?
    Mac: (whispers) "Nobody knows I got HIV"
    PC: Ahhhh... I just got a cold
    Mac: See! I don't even have a cold!

  • Linux. (Score:4, Funny)

    by RichardJenkins (1362463) on Thursday April 16, 2009 @08:00PM (#27605441)

    The obvious solution is to switch to Linux, because everyone knows it has no viruses and never will.

    I SAID NEVER WILL.

    • Re:Linux. (Score:5, Insightful)

      by LWATCDR (28044) on Thursday April 16, 2009 @08:36PM (#27605809) Homepage Journal

      Except this isn't a Virus. It is a Trojan.
      Any OS can be infected with a Trojan even Linux.
      I find it annoying that under Linux most software really expects to be installed as root.
      Maybe there needs to be a new level called app for applications but then you have the problem of libraries.

  • iZombies (Score:5, Funny)

    by mc1138 (718275) on Thursday April 16, 2009 @08:09PM (#27605515) Homepage
    A botnet that just works.
  • by get_your_guns (1380583) on Thursday April 16, 2009 @08:14PM (#27605579)
    MAC users should be rejoicing around the world! What this actually means is that hackers are noticing MACs are gaining in population and they see profit in targeting them. What's going to fall next, Rome?
  • Quality of posts (Score:5, Insightful)

    by Anonymous Coward on Thursday April 16, 2009 @08:25PM (#27605707)

    It's a shame that the level of intelligence and knowledge of the posters to Slashdot seems to still be in decline.

    I would think that anyone who wants to use this "revelation" as some kind of troll against OSX would at least be able to differentiate between a virus and a trojan.

    There's a decent chance there will be some kind of unpatched OSX vuln that will be exploited ala what you see on a Windows machine, but until then you should just stew in silence and wait for your opportunity to post your "See OSX is no better than Windows" messages and then you won't look like such ignorant fools.

    If you can install software on a computer, you can install software that is malware as well. I doubt anyone can fault Apple for allowing end users to install software that they choose to install.

  • It should be noted (Score:5, Informative)

    by Orion Blastar (457579) <orionblastar@noSPAm.gmail.com> on Thursday April 16, 2009 @09:10PM (#27606151) Homepage Journal

    that a lot of "pirated" Bit Torrent software contains malware. Not just the Windows versions, but the Mac and Linux and BSD Unix versions as well.

    When you download pirated software you take a risk that it contains a trojan.

    I've even seen PDF files that had HTML exploits in it that got detected by antivirus. Read the comments on most Bit Torrent web sites the users will complain that it contains a virus. You don't have to download it to test it, the people who already downloaded it will give feedback that it contains a trojan or malware.

    When you download pirated software you are taking a big chance, it isn't worth it when a majority of things are infected. That is why I look towards Free and Open Source Software as alternatives to commercial products.

    • by Erikderzweite (1146485) on Thursday April 16, 2009 @09:28PM (#27606305)

      That is very true, Free and Open Source from signed repositories is the safest way of getting software.
      Besides, you must behave differently if you are going to install some weird binary from the Internet (which is not the case with Windows or Mac). That will scare off the newbies and more advanced users will know of dangers anyway. So the impact from similar malware in Linux will be limited, not to mention various distributions, DE's and suchlike.

  • by Anonymous Coward on Thursday April 16, 2009 @09:10PM (#27606161)

    iBot, same malware at an outrageous price

  • by fishthegeek (943099) on Thursday April 16, 2009 @09:12PM (#27606179) Journal
    Antivirus Protection [thepiratebay.org]
  • Botnet is a botnet (Score:5, Insightful)

    by Randall311 (866824) on Thursday April 16, 2009 @09:44PM (#27606441) Homepage
    Guys guys guys... you're missing the point. It doesn't matter if the attack was social or security based. The fact is it is a Mac based botnet. That's it. No double standard here, just reporting that a Macintosh based botnet is up to no good. The bottom line is that security is up to the user. I could go %sudo ALL=NOPASSWD: ALL in my /etc/sudoers and security goes right out the window. It's all in control of the user. People are (as a collective) just not that smart. There can never be a secure system as long as there are users of the system.
  • Social Engineering (Score:4, Insightful)

    by MacColossus (932054) on Thursday April 16, 2009 @10:42PM (#27606877) Journal
    There is no patch for human stupidity. Just goes to show that if you do illegal file sharing you need good antivirus regardless of platform.
  • by Lord Flipper (627481) * on Friday April 17, 2009 @06:18AM (#27609047)

    Why guys insist on downloading questionable things without some preventive measures in place, first, is beyond the scope of my tired head. But dumping Apple's default 5-minute "grace period" on sudo (or admin passwords, in other words) will kill third-party attempts to piggyback on any password that is being used by the legit user for privilege escalation.

    In a console (Terminal):

    sudo visudo

    [hit return, enter password]

    scroll to: #Defaults specification, hit the letter 'o' to get a new line, and type:

    Defaults:ALL timestamp_timeout=0

    then hit [Escape] to end the editing session, then ':w' plus [Enter] to write the file to disk, and finally ':q' plus [Enter] to quit visudo.

    Done. I get tired of vi, of course, and will usually use BBEdit to open /private/etc/sudoers and enter the admin password once to 'unlock' sudoers, then scroll down and add the new default line, and save the file. Done, quicker.

    A nefarious app or script can poll the system asking if there's escalation until kingdom come and it will never get an affirmative. End of story; end of file
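
The two sudoers settings raised in the comments above (a `NOPASSWD` rule and `timestamp_timeout=0`) can be checked mechanically; this is an added example, not part of any poster's comment. The function names and both sample files are constructed for illustration, and the parser assumes one rule per line and does not follow included files.

```shell
#!/bin/sh
# Added example: audit a sudoers-format file. Function names are hypothetical.

# Effective timestamp_timeout: the last uncommented Defaults line setting it wins.
sudoers_timeout() {
    awk '
        /^[ \t]*#/ { next }      # skips comments such as "#Defaults specification"
        /^[ \t]*Defaults/ && match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/) {
            v = substr($0, RSTART, RLENGTH); sub(/^[^=]*=[ \t]*/, "", v); last = v
        }
        END { print (last == "" ? "unset" : last) }' "$1"
}

# Rules that skip the password prompt entirely (e.g. "%sudo ALL=NOPASSWD: ALL").
sudoers_nopasswd() {
    awk '/^[ \t]*(#|Defaults)/ { next } /NOPASSWD[ \t]*:/ { print }' "$1"
}

# Print findings; return 0 only if every sudo call needs a password.
audit_sudoers() {
    rc=0
    t=$(sudoers_timeout "$1")
    case $t in
        0)     echo "ok:   timestamp_timeout=0 (no cached credentials)" ;;
        unset) echo "warn: timestamp_timeout unset, default grace period applies"; rc=1 ;;
        -*)    echo "warn: timestamp_timeout=$t (cached credentials never expire)"; rc=1 ;;
        *)     echo "warn: timestamp_timeout=$t minutes of cached credentials"; rc=1 ;;
    esac
    n=$(sudoers_nopasswd "$1" | awk 'END { print NR }')
    [ "$n" -eq 0 ] || { echo "warn: $n NOPASSWD rule(s):"; sudoers_nopasswd "$1"; rc=1; }
    return $rc
}

# Constructed sample files, not taken from any real system.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/hardened" <<'EOF'
# Defaults specification
Defaults env_reset
Defaults:ALL timestamp_timeout=0
root ALL=(ALL) ALL
EOF
cat > "$tmp/weak" <<'EOF'
# Defaults specification
#Defaults timestamp_timeout=0
Defaults env_reset
root ALL=(ALL) ALL
%sudo ALL=NOPASSWD: ALL
EOF
for f in hardened weak; do echo "== $f"; audit_sudoers "$tmp/$f" || echo "=> needs attention"; done
```

A `NOPASSWD` rule is reported even when the timeout is 0, because such a rule never prompts and so is unaffected by the timestamp setting.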
