Writing in the latest issue of Virus Bulletin (registration required), two Symantec researchers report what they believe is the first evidence of a major botnet consisting of compromised Macs. However other experts aren't so sure of the increased threat to Mac users.
Researchers Mario Ballano Barcena and Alfredo Pesoli found that Mac users who downloaded pirated copies of iWork 09 and Adobe Creative Suite 4 from P2P sites got more than the programs they intended. Added to the binaries were two malware variants--OSX.Iservice and OSX.Iservice.B. The malware executes a PHP script, running as root, that launches distributed denial of service (DDoS) attacks against sites. One site, dollarcardmarketing.com, reported a DDoS attack of more than 600Gb of Web traffic at its peak, according to the Washington Post.
While Apple has been successful with advertising that Mac users won't suffer the same number of viral attacks that Windows users endure, "unfortunately Macs offer no protection against the manipulation of emotions by malicious users," said Randy Abrams, director of education at ESET, an antivirus vendor.
Whether this is the first Mac-based botnet, Abrams said this probably wasn't the first. He told PC World, "usually the first is done by some really smart people and doesn't get discovered." Abrams noted that Macs today essentially run on Unix and in his blog he describes the parallels of this Mac malware with the first network Unix worm written by Robert Morris, Jr. back in 1988.
Other experts agree the media attention around this particular botnet is unwarranted.
"The story for Mac malware hasn't changed this week contrary to popular opinion," wrote Adam O'Donnell of Cloudmark in a blog post. That said, O'Donnell and experts who spoke to PCWorld all cited the need for Mac users to be educated on the threat landscape and at least start thinking about antivirus solutions for their desktops. Each stopped short of saying such purchases were absolutely necessary.
Based on this one example, as long as a Mac user avoids pirated software on P2P sites, their desktop remains safe. But O'Donnell writes "when we see what happens every day on the PC side happen once on the Mac side, then we all need to run out and buy anti-virus software."
Robert Vamosi is a freelance computer security writer specializing in covering criminal hackers and malware threats.