Mac worm: Please forward me
Now the full source code of what has been advertised as the first bot for Mac OS X has been revealed, it should probably be regarded as the biggest non-starter in the history of Mac pests yet, or possibly an extremely belated April Fool's joke. As Sophos's Graham Cluley reports in his blog, unlike previously sighted Mac malware, the worm (called OSX/Tored-A) tries to spread by attempting to gather email addresses from the infected Mac's contact list and then forwarding itself to those addresses.
However, this process fails due to many bugs in the RealBasic code. If the worm has been sent to a user who is not on a Mac, the apparently Tunisian author of the worm copes with this by asking the user to copy it to a Mac. The worm contains the line
For Mac OS X! : (If you are not on Mac please transfer this mail to a Mac and
sorry for our fault:)
Symantec reported on the first apparent botnets based on Mac desktop computers earlier this year, when a trojan called OSX.IService, was found attached to allegedly cracked versions of iWork 09 and Photoshop CS4 made available on Bittorrent networks. An earlier botnet on Mac systems was found back in 2005, but this exploited a PHP vulnerability and it was probable that only servers rather than desktop systems were affected.
Although there is still no significant infection of Mac systems, anti-virus manufacturers are noting increasingly frequent attempts by malicious web sites to get Mac users to download trojaned video codecs. Sophos have published a video of one such attempt.