Pirated iWork contains botnet trojan, breaks hearts
The tubes are ablaze today with news from CNN of the The trojan, named "iBotnet" (get it?), has only affected a few thousand Macs in the wild and it is currently not known to do any real harm. Should you be concerned? Well, the answer to that depends on whether you're a software pirate or not. The distribution method for this particular piece of malware is through the downloading of certain bootlegged copies of Apple's iWork.
Brian Krebs over at the Washington Post details some information about the actual first botnet specifically for the Mac. He points out that the current media storm is for a trojan that was actually discovered in January. He goes on to mention that the first botnet for the Mac was actually released in 2006 and targeted both Macs and PCs alike.
In other news, sales of Symantec's Norton AntiVirus shot up following the release of the security bulletin and subsequent frenzy of coverage. Actually, this is not true (at least to this humble blogger's knowledge); but it does pose an interesting question. Who profits most from the release of malware on any platform? One thing we know for sure, though, is that the end-user is definitely losing out in this game.
The moral of this story: stop all the downloading! Thanks G.I. Joe! In all seriousness, though, the majority of malware on the Mac (and on the PC) is distributed through nefarious chains of content acquisition. Be careful out there when clicking links and downloading files or programs from sites that you may not trust.
Thanks to everyone who sent this in!



Reader Comments (Page 1 of 2)
David Emery said 12:06PM on 4-23-2009
Caveat Pirator! :-)
redwall_hp said 1:23PM on 4-23-2009
This is not an issue. Obviously it's stupid to think yourself invincible to malware, but this botnet is *nothing.* You have to pirate software, then you have to blindly give the installer an admin password. You have to *manually* download and install the malware. No drive-by installs like you get on Windows.
I can't see myself falling for that. Maybe someone who's rather clueless about computers, but I would suspect the number of clueless people torrenting iWork isn't *too* huge...
If this were Windows, an attack infecting "a few thousand" users wouldn't even make the news. I still don't see tainted Flash banner ads or MySpace profiles automatically installing malware on Mac OS X. Until then, I'm not all that worried.
Charles said 12:10PM on 4-23-2009
This is just proof that all operating systems share a common vulnerability: the user.
Tom said 12:14PM on 4-23-2009
"Who profits most from the release of malware on any platform?" Those are dangerous words... could you be referring to the fact that many of the security scare stories seem to emanate from Symantec HQ?
balls said 12:29PM on 4-23-2009
He does have a point.
Brinks and ADT do their best business in a neighborhood after someone's house gets broken into.
Guy Teague said 12:24AM on 4-24-2009
cui bono. who benefits? it's been blindingly obvious to me for over a decade that the anti-virus companies are paying for attacks.
/guy
Sean Flanagan said 12:19PM on 4-23-2009
This was basically eradicated thanks to the diligence of the scene. Warnings were posted and infected torrents removed from trackers. The media hoopla at this point is unfounded. As far as I'm concerned, it's all a ruse to increase Mac antivirus sales.
autoy said 12:20PM on 4-23-2009
Listen, all you have to do is point to this article:
http://db.tidbits.com/article/10218
jim said 12:21PM on 4-23-2009
It is $79 for 2 great products and one okay product (Numbers needs a lot of polishing in my view). I think that is a reasonable price, no need to pirate it.
Joseph said 12:36PM on 4-23-2009
Requires 2 things:
1. Pirate software
2. Install pirated software blindly
I'm not worried.
Joel Housman said 12:36PM on 4-23-2009
And besides, if you want to pirate iWork just get the free trial from Apple then find a serial number out there. Why are ppl downloading the entire thing from torrent sites?
Coard Miller said 1:21PM on 4-23-2009
That's my view on it. People who do otherwise deserve this. I'm just saying.
Paul said 1:48PM on 4-23-2009
You don't even need a serial number. Converting from trial to retail is as simple as changing "Trial" to "Retail" in a certain file.
By the way, I paid $100 for the family pack even though I verified I didn't need to. It's a great set of apps.
Jonathan said 12:43PM on 4-23-2009
But how? Back when I was a PC user, Mac people were always gloating that there were no viruses or trojans for the Mac. Because it was "such a superior system" and that "windows sucked so much ass". Now, can I get my money back? ;)
Jason Martin said 3:31PM on 4-23-2009
There still aren't. This isn't a virus. This is malware disguised as iWork. You can have malware for anything, as it requires the user to fully install it. Additionally, the user has to circumvent the developer and distributor (i.e. Apple) by nefarious means. So Apple's claims about viruses still hold true.
Viruses usually require you to do nothing or next to nothing (i.e. click a link or open an email attachment). That's a much lower barrier of entry.
archer75 said 12:45PM on 4-23-2009
You may think this is limited to pirated software but it doesn't have to be. You just have to take that same file, name it whatever you like, hack a site and attach it to legit software. Bam, you're infected.
BeyondtheTech said 12:57PM on 4-23-2009
Isn't this like old, old news?
Galley said 1:08PM on 4-23-2009
You get what you pay for...
rtamesis said 1:44PM on 4-23-2009
As HAL 9000 said to Dave Bowman in the movie "2001: A Space Odyssey", these things happen and will continue to happen due to "human error."
Killian said 1:21PM on 4-23-2009
Actually, this was in the news yesterday-- I was surprised to see that you guys didn't pick up on this story a lot sooner. I'm also surprised that no one has posted a link to this: http://www.macupdate.com/info.php/id/30265/iservices-trojan-removal-tool
That's a link to the free removal tool for the virus. No need to make people buy more crappy Symantec products...
Also, can we give the whole "blaming the victim" angle a rest? Lots of people pirate software/music/movies. That doesn't mean they deserve to get a virus or malware on their system. Period.