Security scares seem to be coming up all too frequently for Mac users these days. First, there was the devastatingly fast hacking of a Mac thanks to a Safari exploit at PWN2OWN, and now the first-known botnet to exploit OS X appears to have been activated, according to two security researchers at Symantec. If true, it means the sense of security and superiority that so many Mac users maintain over their PC-using counterparts might be coming to an end.
The botnet is a result of users having downloaded and installed pirated copies of iWork ’09 way back around the time of its initial release. Accompanying those pirated versions was a trojan called iServices, a variant of which was also packaged with a pirated copy of Adobe Photoshop CS4. iServices remained dormant until just recently, when it was implicated in at least one Denial of Service (DoS) attack. Though the install base of the trojan is at present not large enough to pose a major threat, the researchers warn that this is likely only the beginning.
Symantec researchers suspect that software piracy will only trend upwards as the economic crisis continues, which is a very good thing for opportunistic hackers. The easiest way for them to distribute their malicious code is via pirated programs, since they aren’t QA’d or regulated in any real, consistent way. And if Macs continue to increase their presence, hackers will begin more and more to target OS X users, because it makes financial sense from their standpoint to do so.
In response to the report, network security firm McAfee, another anti-virus maker, spoke up. They claim that there’s nothing new about the iServices trojan that wasn’t already apparent and active in January, and that it represents only a low level of risk now, just as it did then. In other words, they think Symantec is blowing things out of proportion. Not that they’re saying you should just relax and pretend nothing’s wrong. Far from it.
Instead, the solution offered by both the Symantec team and McAfee is the one you’d likely suspect: install anti-virus software in order to protect your computer. And it may be the best solution, although after years of running both Windows and Mac machines without any virus protection that wasn’t built into them, and with no major issues to report at this time, I’d say that safe and intelligent browsing (i.e., don’t download risky pirated files) is still your best bet for avoiding these kinds of attacks, Mac or not.