New OS X Trojan Lays Groundwork for Mac Zombie Army
A screenshot of the malicious PDF, as displayed in Ubuntu Linux.
UPDATE: Apple has now updated the anti-virus software built into Mac OS X 10.6 Snow Leopard and Mac OS X 10.7 Lion to guard against this Trojan. However, users of Mac OS X 10.5 Leopard or earlier, including all owners of PowerPC-based Macs, are still unprotected.
Look out, Apple users: There's another Mac OS X Trojan out in the wild, and it might be heading your way.
The sneaky malware pretends to be a Chinese-language PDF document about the Pinnacle Islands, eight uninhabited rocks in the East China Sea simultaneously claimed by Japan, Taiwan and mainland China.
If you open the file, which could appear as an emailed attachment or as a Web link, the document, written in traditional Chinese ideograms, does indeed display. But a Trojan silently installs itself in the background as you try to sort out centuries-old territorial claims.
The Trojan doesn't really do anything yet. But F-Secure, the Finnish security firm that discovered it, notes that it lays the groundwork for much more sophisticated attacks against Macs.
The Trojan installs "backdoor" software to give a remote operator control of the machine, and sets up a communication link with a currently inactive command-and-control server.
Those two steps, repeated in thousands of Macs, could create a Mac-only botnet, a vast army of "zombie" machines silently distributing malware and spam. Substitute an English-language document for global appeal, flip on the command-and-control server, and you're in business.
The growing market penetration of Macs in the worldwide PC market, coupled with the general cluelessness of Mac owners about the need for anti-virus software, has created a ripe field of millions of powerful, unprotected machines ready for exploitation by cybercriminals.
And for a cybercriminal, the best kind of botnet to run would be one comprised of machines whose owners think they'll never be infected.
If you don't have anti-virus software on your Mac (and you should), CNET's Topher Kessler has detailed instructions on how to detect and remove the Trojan.