iWork Trojan may be turning Macs into zombies

Mac users are threatened by something that has previously been the preserve of Windows machines. Researchers claim to have discovered the first Mac zombie botnet in existence and have published a paper in Virus Bulletin (subscription required).

The botnet stems from a Trojan horse embedded in a iWork '09 trial version that was making the rounds on file-sharing networks. The risk first came to light in January when security firm Intego warned of the potential threat hidden in the files.

Two researchers, Mario Ballano Barcena and Alfredo Pesoli, have now discovered two separate variants of the malware, each using distinct techniques to compromise users' machines. They also conclude that the author of the malware was not the same person using it to launch the denial-of-service (DoS) attacks on websites including, according to the Washington Post's Brian Krebs, a site called "dollarcardmarketing.com." The infected package has apparently been download several thousand times, though it also needs to be installed in order to do its dirty work.

It seems likely that this development will spawn a new era of argument over the relative security merits of Macs and PCs. But Trojan horses on OS X are nothing new; the lesson here is the same old saw about practicing safe computing - for example, don't download software from suspicious sources. As developer Pete Yandrell, one of the first to discover the Trojan's nefarious deeds, said, "If I'd done the smart thing, and got my copy straight from Apple, I wouldn't have had this problem."