Douglas Cootey

Humorist, Artist, Geek

More OS X FUD or a Hint of More Security Troubles for Apple?

Deep in an article about botnet hunters over at the Washington Post was this little tidbit...

A few months ago, [David] Taylor became obsessed with tracking a rather unusual botnet consisting of computers running Mac OS X and Linux operating systems. Working a week straight, Taylor located nearly all of the infected machines and had some success notifying the owners of those systems, but the Taiwanese ISP the hackers used to host their control center repeatedly ignored his requests to shutter the site.

A botnet of infiltrated computers running Mac OS X? Has anybody heard of this? I can't see how, if a security nightmare such as this actually happened to Apple, C|net and ZDnet would sit on the story. I don't believe it's in their mission statements to be kind to Apple. I find it hard to believe that security firms looking to grab some headlines would miss this big event. Even the few Mac anti-virus companies who blow most minor vulnerabilities out of proportion have been silent.

I searched www.Shadowserver.org's RSS feeds and found no mention of this botnet for Linux or OS X. I'm prepared to write this off as either intentional FUD or just poor reporting. However, considering the recent events in the Mac community I'll hold off just yet. If any of you reading this have more information, would you kindly post it here? I'd really like to look into it if the story is legit.


Check out the blog post at the Washingtonpost.com's Security Fix blog today:

When Macs Attack:

    Reply#1 - Fri Mar 24, 2006 9:52 AM EST

    this blog doesn't allow links so here's a teaser: www washingtonpost dot com / securityfix

    When Macs Attack

    A story I wrote this week about "Shadowserver" -- a group of security volunteers who hunt down botnet operators online -- got picked up by "news-for-nerds" blog Slashdot, and since then a few readers and bloggers have been asking for more details on a botnet I mentioned that was made up entirely of computers powered by Linux and Apple Mac OS X operating systems.

    The subject came up in the following paragraph of the story, which addressed how botnet hunting is such a time-consuming and often small-reward effort that some people find it easy to get burnt out doing it after a short time: ..

    Several readers wrote in to say they were officially calling "baloney" (my euphemism), saying they could find no mention of OS X botnets on Shadowserver's news archives and demanding proof. I followed up with Taylor, who said the botnet in question wasn't being followed by Shadowserver at the time.

      Reply#2 - Fri Mar 24, 2006 9:55 AM EST