dimarts, 21 d’abril de 2009

I ara toca als usuaris (indelicats) de MAC

Symantec, the company that discovered the first Macintosh worm in 1998, announced the discovery of the first Macintosh botnet.

If you have not pirated software, you're likely fine, the company said. That's because the bot spreads through a software package that purports to be a pirated version of Apple's iWork application, a productivity software collection similar to Microsoft Office. The product, which retails on the Apple Store Web site for $79, even touts compatibility with Microsoft Office as a key feature.

But if you decide to try to avoid paying $79 for it and instead decide to download a "free" version from a file sharing network, you may get infected, said Andy Cianciotto, senior security response manager of Symantec's Security Response team in a blog post in January.

The bad version of the software looks like the real thing but delivers a Trojan called iWorkServices.pkg, which can easily go unnoticed, as it is only 492KB in size in a 450MB ZIP file. The Trojan downloads malware, opens a back door to the computer and seeks to connect to remote hosts.

The issue received new attention this month with a writeup by Symantec in Virus Bulletin magazine, with the provocative headline The new iBotnet.

"We wanted to educate people," said Gerry Egan, director of product marketing for Symantec Security Response. "We wanted to tell people that although you're more secure on a Macintosh, you're not invincible."

In fact, the Trojan uses social engineering, he noted. It does not exploit a flaw in Apple's operating system. "It's the old style con or hustle," Egan said. "For someone who's just downloaded free software, they want to use the software now. They'll let it run."