Remember the Mac trojan that we reported about earlier this year? A trojan was found piggybacking on the back of copies of iWork and Photoshop CS4 found on warez sites and networks, and it would install itself after the user had entered his or her administrator password during the software’s installation. This trojan didn’t seem like much of a threat back then, but as it turns out, it’s now in use in the first Macintosh botnet.
Security researchers from Symantec have found evidence that said trojans, OSX.Iservice and OSX.Iservice.B, are being used in creating a botnet used for DDoS attacks. There’s at least one documented case of these trojans being used for DDoS attacks, and the researchers have found out that the botnet has encryption, a peer-to-peer engine, and remote startup capabilities.
“The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it â€“ and therefore we would not be surprised to see a new, modified variant in the near future,” the researchers said. Interestingly enough, they added that the person who wrote the trojans is not the same person who activated the botnet.
If you think you’ve been infected, you can use any Mac antivirus tool to clean your system; most of them have been updated to include removal instructions for these trojans. Since we’re talking trojans here, there’s no need to worry about self-replication, as it’s incapable of doing that. As always, steer clear of pirated software to prevent things like this from happening.