Still think Mac is secure?

Over the past week, researchers have been investigating a new botnet consisting of compromised computers, all running the Mac OS. From what I can tell, this is a rather simplistic attack, where malware has been added to popular pirated software which users then installed and ran.

The Flaw

The major flaw here is the overwhelming overconfidence of Mac users, in my humble opinion. Many Mac users do not consider their computers to be at risk for infection, because Macs are rarely attacked. They seem to believe that this is because Macs are inherently more secure, rather than a result of the lower market share of the Operating System.

As a result of this attitude, many Mac users have not bothered to install/configure/update the basic software necessary to protect a computer, especially when downloading as untrustworthy software as pirated applications. The consequence of this is of course, that their computers were compromised.

The consequences

Compromised computers that have been added to the botnet in question have been used in Distributed Denial of Service attacks against various web sites, as the attackers behind this botnet rent the network out to third parties. Additionally, as the software accesses the administrator-level credentials for the computer, it is possible that attackers may be able to access and/or retrieve sensitive data from compromised systems.

More Information

• Name: OSX.Trojan.iServices.A, OSX/iWorkS-A, OSX.iWorkServices.A


• Infection Vector: Trojan Horse contained in pirated Mac OS software


• Article on Techtree


• Intego alert on this virus


• Removal utility from Securemac.com