Millions of Germans caught up in email-hacking botnet

The German information security ministry has warned the country’s citizens that many of them have been caught up in a massive botnet. Around 16 million people’s information – email addresses and passwords, mostly – was found to have been pilfered by the botnet, which presumably monitored the activities of its victims, and more than half of those email addresses ended in “.de”, denoting German users. The ministry has set up a website where concerned citizens can enter their email addresses; if the address is on the list, they will be sent a PGP-signed email with a special code in the subject line.

Twitter Used to Control Botnet

Twitter might be revolutionizing social communication, but it’s also providing a handy way for hackers and virus makers to issue commands once their creations are out in the wild. Symantec has determined that a trojan horse called “Downloader.Sninfs” was using the @upd4te Twitter account to send obfuscated commands to infected machines. Twitter has since disabled the account in question. Read More about Twitter Used to Control Botnet

Mac Botnet: How To Ensure You’re Not Part of the Problem

As reported recently all over the blogosphere, the world’s first Mac-based botnet is active after infiltrating people’s systems in January by way of a trojan hidden inside pirated iWork’09 installers. If you downloaded and installed iWork’09 from a torrent, binary newsgroup, or any other source not from Apple’s (s aapl) trial download links or official DVDs, you have a high likelihood of infection and need to do something about it.
We’re not here to judge — we are here to help. So if you know you’re possibly at risk, you should immediately determine if you are infected or not, and if you are rid yourself of infection.

Manually Determining Infection

To manually determine if you are infected or not, fire up a terminal (run Terminal.app). There are three ways to detect infection and all three should be used for thoroughness. The Trojan masquerades by the name iWorkServices and this is the key to determine infection. Read More about Mac Botnet: How To Ensure You’re Not Part of the Problem

Security Exaggeration or Real Threat: Is This the End of an Apple Era?

badbotnetSecurity scares seem to be coming up all too frequently for Mac users these days. First, there was the devastatingly fast hacking of a Mac thanks to a Safari exploit at PWN2OWN, and now the first-known botnet to exploit OS X appears to have been activated, according to two security researchers at Symantec. If true, it means the sense of security and superiority that so many Mac users maintain over their PC-using counterparts might be coming to an end.
The botnet is a result of users having downloaded and installed pirated copies of iWork ’09 way back around the time of its initial release. Accompanying those pirated versions was a trojan called iServices, a variant of which was also packaged with a pirated copy of Adobe Photoshop CS4. iServices remained dormant until just recently, when it was implicated in at least one Denial of Service (DoS) attack. Though the install base of the trojan is at present not large enough to pose a major threat, the researchers warn that this is likely only the beginning. Read More about Security Exaggeration or Real Threat: Is This the End of an Apple Era?