Monday, April 20, 2009

Mac Zombies At Last!

The first Mac zombie botnet finally appears on the 'net.

My question: why does it take so long for hit apps to make it to the Mac?

But seriously. The vector of infection was cracked bootleg applications purposely downloaded using BitTorrent and installed with an administrative password. You apparently need to be living on the dark side to worry about this stuff on the Mac as yet.

Social engineering vectors aren't in the same category of risk as architectural problems, such as the ones that gave us IIS worms whose traffic consumed tens of percent of the world's bandwidth while they were active (this, according to MSNBC, which can't be plausibly accused of anti-Microsoft bias). Architectural flaws allow infection and propagation without the need for human intermediaries, and thus speed infection and allow infection of unobserved machines. Social engineering may be hard to prevent, but it is also limited in the number of machines susceptible (i.e., machines with a human present with the capability to execute commands, which excludes ATMs, servers, POS terminals, etc.) and limited in the rate of infection (i.e., no faster than the attractiveness of the pitch can cause people to click, or in the case of this Mac trojan, download a large infected binary and then install it using a proper administrative password).

But at least you can't say they aren't developing for the platform!
