Signs of first zombie Mac botnet

Publié le :

Malware hunters at Symantec claim to have found evidence of the first Mac OS X botnet, reports ZDNet, followed by Ars Technica and Macworld UK.

The trojan — called called iServices — apparently comes from pirated copies of iWork '09 and Photoshop CS4 distributed via peer-to-peer networks. See this blog post for a first-hand description of the exploit (a PHP script performing a DDoS attack).

Pedro Bueno has posted a complete description on how to find and remove the trojan.
If you're afraid of the Terminal, SecureMac proposes a free iServices Trojan Horse Removal Tool, available at http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg.

Time to think of an anti-virus package for your Mac? I know some editors who will be welcoming that news to boost their fledging Mac AV product line...