back to article Researchers dissect world's first Mac botnet

Fresh research has shed new light on the world's first Mac OS X botnet, which causes infected machines to mount denial of service attacks. Symantec researchers Mario Ballano Barcena and Alfredo Pesoli said the infections are the same ones described in this blog post from January. In it, the blogger - a self-described designer …


This topic is closed for new posts.
  1. Casper Orillian

    Mac Owned

    Oh how the mighty have fallen, could this be the first blow in a new range of mac viruses?

    even though this has happend i still bet the mac users say that there systems are untouchable

  2. Peyton

    Honestly people

    Just because it uses over 100% CPU, that does not make kernel_task a virus!

  3. Shane Sturrock

    Installed a trojan, big whoop.

    If you download pirate software for any platform you are already on dodgy ground. It is quite likely for the software to have a trojan included as was the case here. There really isn't much an OS can do if the user installs malicious software.

  4. James O'Brien

    Shock and Awe

    Surely this cant be true...

    Macs? Infected with Viruses and Trojans and malware? Oh my.

    And also Mactards arnt squeaky clean as well when it comes to piracy? SAY IT AINT SO!!!

    Hope this learns ya you St Jobs loving freaks

  5. Anonymous Coward


    The lesson is not to run programs from warez sites. That's a bit of a no brainer regardless of what OS you run isn't it?

  6. Anonymous Coward

    Here we go...

    Windows fan bois rejoice that -finally- Macs take a hit, mac fanbois claim it's just the one and hell he got it from warez so what do you expect, Linux fanbois laugh at both until they catch something...


    I'll stick with me AS400, never had a virus on that baby.

  7. jai

    Re Mac Owned / Re Shock and Awe

    so there's one botnet exploit on OS X


    how many are there on windows? even if those 20,000 macs are infected and spamming DOS attacks, that's a drop in the ocean compared to the damage being done by infected windows machines

  8. Murray Pearson

    Trojan Schmojan.

    This is a sucker-punch purely for suckers.

    I'll just continue using open source software, rather than warez, on my Mac, and use my brain when I use my computer. Problem solved.

  9. Tom

    The mactards say

    "Mac's dont get viruses and trojans. we are safe"

    Well I hope words like these are being eaten, along with some slices of humble pie from the oven of shame set at gas mark egg-on-your-face.

    There will be more malware like this coming to a mac near you soon, a lot more.

  10. Alan W. Rateliff, II
    Paris Hilton


    The more technologically illiterate grandmas, grandpas, moms and dads, and whomever you convince to switch away from Windows, be it to Mac or Linux, the more the balance of power will shift.

    Not like there are no remotely exploitable security holes in Mac or *nux. There are plenty, and the number of them, alone or in relation to Windows, is irrelevant. The real issue is the user and the number of users. The former to install the crudware from websites, software, or emails, and the later to produce a broader, or narrower, attack surface.

    Paris, irrelevant.

  11. Anonymous Coward


    Hmm... People downloaded warez from some site in the hopes of saving thousands by pirating software and they got infected? Who woulda thunk it?

    I've never been fond of Macs, but you can't blame the platform when freetards will willingly install your malware for you.

  12. Anonymous Coward


    Can not say I am surprised, but will take a lot to get through to most Macites that their beloved Jobsian world has been infiltrated in a serious way. Expect to see thousands of similar fun loving excitement in the next year or two chaps!!

    I am glad in a way, they now might begin to understand that popularity is the weakness, and the OS hiding behind the mouse pointer is mostly irrelevant.

  13. martinX
    Jobs Halo

    Like the Irish email virus

    This is as much a security breach as the Irish email virus. Come on, you have to deliberately download it *from a warez site*, install it and (because it's running as root) probably put in your admin password as well.


  14. MacRat

    Security Hole

    A user installing an app that does bad things is a security hole in the OS?

  15. Anonymous Coward
    Anonymous Coward

    Well really

    I would have expected a higher level of knowledge than some of the replies above. Oh well, perhaps not.

    Note that this has nothing to do with the security or otherwise of OSX. (Which I don't happen to use.) The software was deliberately installed by the owner of the system and did what it was designed to do. If he has a problem with that he should sue the supplier...good luck with that.

    So it is not the first of a series of Mac viruses, since it is not a Virus. it is a Trojan. Any system can run a trojan, if it can run anything at all. The only way the OS could prevent this happening is by preventing the owner from installing software. I am sure that would go down well.

    Meanwhile...I presume the MAC owner will now go out and by legit copies of all his stuff???

  16. Anonymous Coward



    the mac, the mac,

    the mac is on fire

    the mac, the mac,

    the mac is on fire

    we don't need no water

    let the mothereffer burn

    burn mothereffer burn

  17. Anonymous Coward
    Anonymous Coward


    Since I can find, kill and remove an unkown piece of software that is hogging the processor(s) on my mac I don't see this as that much of an issue. kill -9 , rm -rf /offending_binary. But then I never had problems like this when I used a PC as I never downloaded and installed crap. Legitimate software suppliers provide checksums BTW.

  18. David Wilkinson

    Missing the point ...

    The new here is that for the first time a criminals are actually actively targeted MACs in a real world attack.

    There are vulnerabilities there to be found, there are people who can have found some in the past with little effort, but up until now one was actually targeted MACs.

    This Trojan exploited a vulnerablity found between the keyboard and the chair ... MAC users have historically assumed that they need not worry even when downloading from the least reputable sources.

    Now they have to worry.

  19. Tim99 Silver badge


    Lets not all get too carried away here - A Trojan from January!


  20. Peter Gathercole Silver badge

    It's obvious...

    There are a group of people, which probably includes most non-computerate end users, who need a new type of machine. It must come with the OS and other software in ROM, and have every app they need installed already.

    This way they cannot install something which could do damage. But equally, they would not be able to install the latest flash, Silverlight or any other flavour-of-the month add-on.

    Can't stomach such a thing? No, I didn't think so. Nor will most users, although UMC's like the eeePC(s) nearly made it.

    My coat is the one with the Amstrad Emailer box underneath it.

  21. Anonymous Coward
    Anonymous Coward

    I think the security holes they are talking about...

    .. are more like the ones trojans exploit to get where they shouldn't be (i.e. priviledge escalation, isntalling as service or driver etc), they do mention a few remote ones and rather than actualyl debunk them, the comments here seem to be the classic mac, no there isn't :P

  22. Anonymous Coward
    Dead Vulture

    PHP with Root privs?

    "he found a foreign PHP script with root privileges was flooding an undisclosed website with data packets."

    So that means that HE was logged in as root when HE ran the script that launched the PHP code. That's not a security hole that's being an idiot.

    I'm wondering if Microsoft have bunged someone some cash to spread scare stories as this is the second one in two days which really is a non story.

    Its akin to saying that the deadlocks and engine immobiliser on my Saab are defective because I gave the keys to someone who then stole my car.

  23. Ted Treen
    Jobs Halo

    @AC 02:11

    A voice of common sense: A trojan is definitely not a virus, as you say, but It has to be installed, and is therefore reliant upon the PICNIC* virus, which is all too common.

    * Problem In Chair Not In Computer

  24. Ascylto


    I wondered just how long it would be before I encountered the phrase "going forward".

    And here it is in this article!


  25. Anonymous Coward


    That's my new word for all the comments on this page so far.

  26. Anonymous Coward


    nay, that would be a feature!

  27. Apocalypse Later


    Complacency is the issue here. Yes, the malware is a trojan in this instance, and not an OS vulnerability or virus as such, but Apple users who believe that their computers are invulnerable to viruses are likely not to appreciate the distinction at the point that it matters, when installing software from questionable sources. Windows users are conditioned to understand that this is risky, and often use anti-malware programs as well as simple caution. They know they are vulnerable. Apple users, relying on Apple's own advertising, may well think they can indulge in risky behaviour without consequences. Certainly few bother to run any sort anti-malware program on a regular basis, if at all.

    Social engineering targets people, not operating systems. Most are vulnerable. Those who think they are invulnerable are most vulnerable. Getting people to install a trojan is a social engineering exploit, not an OS exploit, though the trojan will be OS specific. It might be better for their users if Apple refrained from the invulnerability claims.

  28. Anonymous Coward

    Ummm this trojan requires *extreme* stupidity

    The trojan relies on exteremely stupid users.

    You've got to be dafter than the average by quite a long way.

    It's only going to install if you are foolish enough to download dodgy software and then give it your administrator password... that's not a problem with OSX, that's a problem with users.

  29. Barry Tabrah

    Missing the point

    The point of this is not that the malware was installed through the use of warez, the point is that the Macs in question had nothing to protect themselves from this infection.

    The majority of infections on the PC are caused by the installation of something by the user, mostly from websites. Antivirus and Spyware protection are the components by which users are protected from their own stupidity.

    As Macs are targeted more, Mac users are going to have to consider investing in some extra software. And good luck finding an expert who can clean your Mac. I'm pretty good at bringing a PC back from the brink, but I wouldn't know where to start on the Mac.

    Methinks the Mac Geniusi are going to need a whole new level of genius pretty soon now.

  30. EnricoSuarve

    b..b..but it's a twojan

    <i>"The Symantec research comes amid reports of a series of unpatched, actively-exploited holes in OS X"</i>

    Just guessing here but all you macbois above preaching that "no no no this was a trojan so it doesn't count" convieniently bypassed that bit?

    So your original argument that Macs couldn't be hacked "cos they is l33t" turns out to be wrong

    Now trojans don't count - call me crazy but I bet they count on a PC or a Linux box right?

    So because this malware writer *chose* to write a trojan instead of exploiting a vulnerability you are still OK?

    Thats genius level problem ignoring skills you've got going on there - you bois would still manage to shove your heads in the sand in the middle of a frikking ocean

    B..b..b..but it's a mac so it doesn't count right?

    I can see the adverts now...

    "I'm a mac and until now there weren't enough of us for anyone to give a shit about hacking us"

    "I'm a mac and I just found out it hurts in general population"

    flame on kids...flame on ;0)

  31. Justin

    Not a vulnerability / exploit

    This is not evidence of a vulnerability within OSX, it is evidence of the stupidity of those who downloaded warez software and supplied it with their user credentials. As far as OSX is concerned, this would have been an authorised software install, manually authenticated by the user - no technical exploits.

  32. Neil


    "Just because it uses over 100% CPU, that does not make kernel_task a virus!"

    Macs can run tasks at over 100% of the available CPU power?

    How much can they go up to? 110%? 1000%? 100000%?

  33. Juan Inamillion

    Shame, really...

    ...that some of the commentards here don't read and, more importantly, UNDERSTAND what happened here.

    It wasn't a VIRUS it was a TROJAN.

    Essential difference? A Trojan requires the user to actually install (usually with admin rights) the software. And that software came from where exactly? Oh, a dodgy warez site populated by n'er do wells and miscreants.

    So all those who think the end of the Mac world is nigh - epic fail!

  34. b166er

    Oh my

    How we laughed.

    Murray, what exactly do you use your MAC for if you only use open-source?

  35. Wize

    This would never happen on a Windows machine...

    Joking aside, shouldn't he have put on the security patch for this 4 month old problem?

  36. Anonymous Coward
    Anonymous Coward

    The Real Shiny and Sharp) Point...

    .. to all this is that

    a) yes it is a trojan

    b) yes the problem is that of a poorly working Mk. 1 Human Brain

    c) yes it accompany warez

    .. so what does this tell you about the average elitist^H^H^H^H Mac user?

    And that is why the flamethrowers are out and working. For how many years have we seen and heard from the Mac fanbois that they are different and better than us unwashed masses... that we cannot and will not "get it" unless we're become "different"? (like the arses over at

    Now we see that these many/most(?) of the Mac fanbois equal the dumbest of dumbtards in the PeeCee world. I mean.. come on.. getting burned by a trojan that installs with waez!!!??

  37. Mark

    @Missing the point

    "The point of this is not that the malware was installed through the use of warez, the point is that the Macs in question had nothing to protect themselves from this infection."

    No Barry, it is you that is missing the point. I've installed warez on a VM before to check for malware. The VM concerned had up-to-date firewall and anti-virus software on it, the OS was XP. The warez concerned was loaded with malware and the AV and firewall did FUCK ALL about it.

    The moral of the story is that you won't get software to protect against the idiot in front of the machine - that's the job of the power off button. If you're a moron and install bad software as root then nothing is going to protect you.

  38. Anonymous Coward

    *nix snobbery ensures most newbies give up

    @ Alan W. Rateliff - "The more technologically illiterate grandmas, grandpas, moms and dads, and whomever you convince to switch away from Windows, be it to Mac or Linux, the more the balance of power will shift."

    That must be the reason 'nix forums are so often littered with newbie-hating surly sarcastic meanies who give totally UNHELPFUL SNOTTY REPLIES to new Linux users' honest questions about problems they're having with their particular Linux distro - 'cause the oldtimers do NOT *actually* WANT the unwashed masses to use Linux (nevermind some Linux fans' seeming proselytizing; that's just a cover to help them feel superior).

    How many times have you read the following snide unhelpful reply, when someone mentions a bug or a problem with some Linux app:

    "Well, why don't you write a fix for it then, instead of just complaining about it."

    Or, "well I don't know why it doesn't work for you, you must be doing something wrong, because it works fine for me [on totally *different* hardware!] therefore your complaint is not valid so I'm going to close and LOCK THE THREAD now."

    How convenient that things that make Linux look less than the "mature" OS it's claimed to be now, get swept under the rug, threads closed so that no further discussion can occur. Ironic that they're cutting off their nose to spite their face, because if they'd WELCOME complaints, the OS might advance faster. But no, bury your head in the sand and think "everything's groovy, it's fine the way it is, complainers must be MS trolls". Yeah right. Sure, whatever dude, wouldn't want to pop your little fantasy bubble there.

    The implications are clear - if (a) you're not willing to accept things as they are, OR (b) if you're not a hoity-toity well-endowed advanced programmer, you shouldn't be using Linux and you should just go back to playing with your preschooler Windows or idiot-proof Mac, and leave the Linux stuff to the *real* men (or women, as the case may be).

    Just the elite clique, please. "Yeah Linux is wonderful (because it isn't Microsoft, of course, duh) but Linux is only for the chosen few and mere mortal ordinary people aren't welcome here."

    And then of course they always end their snotty comments with smiley icons to make it look like they're all cheery and positive. Bunch of passive-aggressive phonies!

    But it's all for the GREATER GOOD, yes, I can see it clearly now. For if all those newbie moron former-Windows users (grandpas, grandmas, warez-luvrs, file-sharers, etc) were to adopt Linux while retaining their moronic computer-use habits, surely Linux would quickly be up to its ears in malware, scams, viruses, botnets, rootkits, and all the rest of it.

    Hey, it only takes a few days for a user to "get used to" just typing in the password when a window pops up in Ubuntu saying it needs the password to do such-and-such (like everytime I need to mount a different drive, or run the Update Manager, or change something in Firestarter), so it would be easy to trick certain types of, er, less-mentally-endowed users into allowing malware to run.

    If there were 50 bazillion idiot clueless Linux users doing stupid things in Linux, it would be a much more ATTRACTIVE *target* for MALWARE authors.

    But we can prevent all that by making things so UNPLEASANT for newbies that they give up in disgust and/or despair/confusion, thus keeping Linux safe for the already-existing users. So we can continue to be overconfident and smug about the security of our Sacred Chosen No-Malware OS.

    I think it's time the Register had a DEVIL PENGUIN icon, a Penguin-With-Horns. You know, like how the Reg has for those other OS's.

  39. Anonymous Coward

    Different but same

    My bad, I spent too much time talking about Linux while the article is about Mac, but same principle applies.

  40. Peyton


    dual-core, so a multi-threaded app can go up to 200% (realistically I've never seen >150%, as reported by Activity Monitor).

    @Burn - ahh a Coal Chamber fan! win!

  41. Phil

    Exploiting a hole does not a malware make...

    I've always found it interesting to note that users of a particular OS (no names, there are a variety) often claim along the lines of "Well, a user had to install it, that doesn't count." User interaction doesn't have anything to do with it. A virus is code that self replicates. A Trojan does something other than what it says on the tin. That's all folks. They don't have to exploit vulnrabilities, they don't have to run without user intervention. By the description I've seen of this botnet, these are Trojans by definition.

    Yes, users were fooled into running them, but then Love Letter, Anna Kornikova and a host of other Windows viruses relied on social engineering too, and they are *never* dismissed in such a way.

    While computers still need users, there will be malware, regardless of the OS. As the average skill level of Mac (or Linux, for that matter) falls, so viruses and other malware will rise

  42. Wortel

    @*nix snobbery ensures most newbies give up

    Well if you write the way you do. You reap what you sow laddy.

    That said, even you would have a hard time getting your thread locked after the first reply over at

  43. Wortel



    Oh my

    By b166er Posted Friday 17th April 2009 10:03 GMT


    How we laughed.

    Murray, what exactly do you use your MAC for if you only use open-source?


    If you have to ask, you wouldn't understand it even if we told you :)

  44. Anonymous Coward

    I am invincible!

    I use Ubuntu so I'm perfectly safe hurrr.

    Just kidding. I know some people have been desperate for that comment so they can argue with it. Enjoy.

  45. Law

    RE: @Neil

    "dual-core, so a multi-threaded app can go up to 200% (realistically I've never seen >150%, as reported by Activity Monitor)."

    Lets not forget mac's can offload processing to their secret APU's (*) too!!

    * = Awesomeness Processing Unit

  46. Anonymous Coward
    Anonymous Coward

    I agree

    "I've never been fond of Macs, but you can't blame the platform when freetards will willingly install your malware for you."

    I agree, but you find a lot of Windows viruses that are spread in this way yet blamed on the OS.

This topic is closed for new posts.

Other stories you might like