Zombie Macs Launch DoS Attack
Cludge writes "ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DOS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: 'They describe this as the "first real attempt to create a Mac botnet" and note that the zombie Macs are already being used for nefarious purposes.'"
... that somebody didn't do it the old-fashioned way and post that the website host said bad things about Steve Jobs?
"Common sense will be the death of us all"
the end of innocence for Apple users.
I always wondered when those pirated copies of software would become malware vectors. Maybe the quickest way to stop software piracy is through evil copies of legitimate software.
it just... BBRRRAAAIINNNNSSS
I use Mac, and I love it! Macs never get vi
NO CARRIER
Anybody want my mod points?
But these iZombies have such cool eye-candy the Windoze and Linux could never catch up in the cool factor in a million years!
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
If a user is tricked into installing malware on a machine, the machine is infected with malware.
It's a shame people think Macs are somehow magically protected against viruses and other nasty computer stuff, merely by virtue of the manufacturer and operating system. It's probably more of a shame that Apple has, in the past at least, marketed Macs as being (more?) immune to viruses than PCs - something which is somewhat true, but only for statistical reasons.
It's like STDs - if you're careless and go sticking your junk everywhere without taking precautions, you'll probably catch something cruel, eventually.
So does this mean that Macs are finally Enterprise Ready?
From what we know so far, apparently the botnet was created by a trojan and does not spread.
I'm a Mac user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Mac: Hi, I'm a mac!
PC: I'm a.. *cough* PC...
Mac: Oh, you must be sick? Well I can't get sick.
PC: really?
Mac: (whispers) "Nobody knows I got HIV"
PC: Ahhhh... I just got a cold
Mac: See! I don't even have a cold!
The obvious solution is to switch to Linux, because everyone knows it has no viruses and never will.
I SAID NEVER WILL.
Sounds like someone has their panties in a twist. You might forget that strict permission levels don't imply security when the person behind the keyboard is an idiot.
Om, nomnomnom...
Man, I run Vista and I don't have any of that (built-ins are disabled). I only have virus scanning done on a weekly basis, and somehow despite not having forty pieces of software dedicated to second-guessing me I still don't have any viruses or malware.
Simplest thing anyone can do is train the thing between the chair and the keyboard.
Purposefully installing malicious software does not indicate a vulnerability. The user intentionally installed a piece of software that is doing exactly what it is designed to do.
There isn't an operating system on the planet that can protect you (or itself) from fraudulent user activity.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
I'm a user who doesn't run applications downloaded from completely untrustworthy sources like pirate p2p networks and you're correct -- I don't need a virus or malware checker.
Fixed that for you.
There are shills on slashdot. Apparently, I'm one of them.
Essentially, this makes it impervious to viruses. Even trojans are thwarted because smart users (Mac users) don't execute programs they don't know the origin of.
No computer system can withstand prolonged exposure to idiot owners. Macs are no exception. Your statement only confirms that :D
"Common sense will be the death of us all"
A botnet that just works.
The musings of just another geek and his junk.
Sorry, how does conficker spread again?
How would they even know what to learn in the first place?
And rightfully so. If the damn thing needs that much care and feeding, it is defective and should be returned!
Seriously? A download, installed, and password prompting program is a vulnerability?
That must mean that apple's Remote Desktop is a huge vulnerability. Giving the attacker complete control of the victims system, and the ability to execute remote code! Oh the horror! Oh the humanity!
MAC users should be rejoicing around the world! What this actually means is that hackers are noticing MACs are gaining in population and they see profit in targeting them. What's going to fall next, Rome?
No exploits necessary when the user downloads and willingly installs the application.
What do you expect? It had to find a black turtleneck, offer some snide, unasked for criticism of your iTunes playlist, and order a double-whip, half-caf, non-fat latte before deciding which port was cool enough to grace with its packets. It may not be very effective, but it looks FABULOOOOOOOOOOOOUS!
Learning HOW to think is more important than learning WHAT to think.
No, the funny part is that the users who torrented and installed pirated copies of iWork 09 and Photoshop CS4 got exactly what they deserved. Instant karma.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
Witchcraft, demons, and bad karma.
I don't believe in time. It's a grand conspiracy designed to sell watches.
It's a shame that the level of intelligence and knowledge of the posters to Slashdot seems to still be in decline.
I would think that anyone who wants to use this "revelation" as some kind of troll against OSX would at least be able to differentiate between a virus and a trojan.
There's a decent chance there will be some kind of unpatched OSX vuln that will be exploited à la what you see on a Windows machine, but until then you should just stew in silence and wait for your opportunity to post your "See OSX is no better than Windows" messages and then you won't look like such ignorant fools.
If you can install software on a computer, you can install software that is malware as well. I doubt anyone can fault Apple for allowing end users to install software that they choose to install.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe." Albert Einstein. "You make your choices and you take your chances," P.T. Barnum.
May I be the first to laugh...
Not if you're a Linux user.
... and laugh and laugh... Oh, we're Mac users - we don't need stuff like virus and malware checkers! Now, let the explanations begin about how this is a wonderful intuitive "feature" and not a flaw.
Mac users aren't the only ones living in glass houses, here. There's something to be learned for everybody here. If Mac user humility here is your highest concern with this article then you are turning into what you despise.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I suspect that this botnet has been created by a geek that is sick to death of uneducated Mac fanboyism, and in a small way, I have respect for that.
No, it wasn't. This botnet was created by a computer criminal who saw an opportunity to capitalize on people who install pirated software either because they are too clueless to know the risks or because they have deluded themselves into thinking it is a riskless act. The lesson we can all learn from this is the following:
"If you download pirated software off the internet and install it on your computer you run the risk of installing along with it carefully crafted malware that your security software or whatever other precautions you are taking may not be able to protect you against."
Note that this basic lesson is true on all incarnations of Mac OS X, Windows, Linux or any other network enabled operating system you can download pirated software for.
Now please crawl back under your rock and learn to write better trolls...
Only to idiots, are orders laws.
-- Henning von Tresckow
that a lot of "pirated" Bit Torrent software contains malware. Not just the Windows versions, but the Mac and Linux and BSD Unix versions as well.
When you download pirated software you take a risk that it contains a trojan.
I've even seen PDF files that had HTML exploits in them that got detected by antivirus. Read the comments on most Bit Torrent web sites; the users will complain that it contains a virus. You don't have to download it to test it, the people who already downloaded it will give feedback that it contains a trojan or malware.
When you download pirated software you are taking a big chance, it isn't worth it when a majority of things are infected. That is why I look towards Free and Open Source Software as alternatives to commercial products.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
iBot, same malware at an outrageous price
Antivirus Protection
load "$",8,1
Guys guys guys... you're missing the point. It doesn't matter if the attack was social or security based. The fact is it is a Mac based botnet. That's it. No double standard here, just reporting that a Macintosh based botnet is up to no good. The bottom line is that security is up to the user. I could go %sudo ALL=NOPASSWD: ALL in my /etc/sudoers and security goes right out the window. It's all in control of the user. People are (as a collective) just not that smart. There can never be a secure system as long as there are users of the system.
As a long-time Mac (and PC) user myself, I've been known to give someone a "simplified version" of the truth, telling them "you won't have any virus or spyware problems on a Mac".
It's not that I'm some clueless user who doesn't know better. It's that I have a pretty good idea of what the individual does with and expects from their computer. Judging by that, and knowing they're not a very "technical" user to begin with, I know that practically speaking, they really aren't going to need to worry about infections on their Mac.
(So far, just about all of the trojan horses and viruses people mentioned for OS X involved downloading files of unknown origins, or running something you received in an unsolicited email. When you have a user who is already scared to open any email at all from people he/she doesn't know, they're hopefully in good shape there. They're certainly not savvy enough to fire up bittorrent and start seeking out pirated software, either.)
Regardless of what operating system you're on, there's this little feature called code signing.
If Apple actually signed everything they make, including the Setup/Installer packages, and drummed just that one little piece of security into their users then this type of malware-embedded-in-Apple-software attack just wouldn't be possible.
But these people were downloading a cracked version of the software (just not entirely in the way they expected). So they would expect that this would fail a validity test.
Obviously code signing would help if the user expected that whatever they were installing was totally genuine.
Ever stop to think
There is no patch for human stupidity. Just goes to show that if you do illegal file sharing you need good antivirus regardless of platform.
Symantec is just trying to drum up more sales.
The more people fear their computers might be "infected," the more antivirus software they sell.
Zombie Mac: Braaaaiiiinnnssss
Mac fanboy: Joke's on you, I have none
(I'm going to mod point hell for this one)
Help fight spam
Why guys insist on downloading questionable things without some preventive measures in place, first, is beyond the scope of my tired head. But dumping Apple's default 5-minute "grace period" on sudo (or admin passwords, in other words) will kill third-party attempts to piggyback on any password that is being used by the legit user for privilege escalation.
In a console (Terminal):
[hit return, enter password]
scroll to: #Defaults specification, hit the letter 'o' to get a new line, and type:
then hit [Escape] to end the editing session, then ':w' plus [Enter] to write the file to disk, and finally ':q' plus [Enter] to quit visudo.
Done. I get tired of vi, of course, and will usually use BBEdit to open /private/etc/sudoers and enter the admin password once to 'unlock' sudoers, then scroll down and add the new default line, and save the file. Done, quicker.
A nefarious app or script can poll the system asking if there's escalation until kingdom come and it will never get an affirmative. End of story; end of file
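The setting the comment above describes, as an added example that is not part of the original post: `Defaults timestamp_timeout=0` is the sudoers line that removes the credential-caching window, and the script below audits a sudoers file for it. The function names and the sample file are constructed for illustration; the fallback of 5 minutes is the grace period the comment gives.

```shell
#!/bin/sh
# Added example: report the sudo credential-caching window set in a sudoers file.
# timestamp_timeout is a sudoers Defaults option, in minutes; 0 = prompt every time.

# Print the effective global timestamp_timeout for the sudoers file in $1.
# Only plain "Defaults" lines count (not Defaults:user or Defaults@host),
# and the last matching line wins. Falls back to 5, the grace period the
# comment describes, when the option is not set.
effective_timeout() {
    awk '
        /^[ \t]*#/ { next }            # comments, e.g. "# Defaults specification"
        $1 == "Defaults" && /timestamp_timeout[ \t]*=/ {
            v = $0
            sub(/.*timestamp_timeout[ \t]*=[ \t]*/, "", v)
            sub(/[^-0-9.].*/, "", v)   # drop any ",other_option" that follows
            val = v
        }
        END { print (val == "" ? 5 : val) }
    ' "$1"
}

# Succeed only if sudo asks for the password on every invocation.
always_prompts() {
    [ "$(effective_timeout "$1")" = "0" ]
}

# Demo on a constructed sudoers fragment (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Defaults specification
Defaults env_reset
Defaults timestamp_timeout=0
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
EOF

echo "timestamp_timeout: $(effective_timeout "$sample") minute(s)"
if always_prompts "$sample"; then
    echo "OK: no cached sudo credential for another process to reuse"
else
    echo "WARN: sudo credentials stay cached after a successful prompt"
fi
rm -f "$sample"
```

Point the functions at a copy of `/etc/sudoers` to audit a real machine; after any edit, `visudo -c` checks the file's syntax before sudo has to parse it.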
Does the Mac botnet have a more simple and intuitive UI than comparable Windows-based botnets? My grandma is a script kiddie, this sounds like the perfect system for her.