1 post • joined Saturday 24th January 2009 13:35 GMT
It Doesn't Stop With the Software Thief Though...
What the brief article did NOT mention and many of the commenters may not be aware of, is that this vulnerability not only puts the Mac user that downloaded the pirated sofware at risk, but the trojan itself is designed to set up a botnet to use those computers as slaves to the master's whim. I'm ALL for wagging my finger and saying "shame shame... " to those who download pirated software when there's a perfectly good trial version available for 30 days from the source. And if something bad should happen to their system as a result of their thievery, then so be it. However, this was used as a weapon against an innocent third party. Whoever did this can launch instructions to those 20,000 computers to execute some other dastardly deed against someone (or some people) who have nothing to do with their software or P2P networks, etc...
How do I know this? I was actually the victim of a DDOS attack from those 20,000+ computers that nearly put an end to my business by crippling our host's servers and pushing our bandwidth over 600Gb within a week's time and sending millions of bot "visits" to our DollarCardMarketing.com site. We have no way of knowing whether the coder had something against us, or we were just a randomly picked "test" site, or if someone hired them to write and distribute it. A more comprehensive article was written and is being followed up on at the Washington Post: http://voices.washingtonpost.com/securityfix/2009/01/pirated_iwork_software_infects.html?hpid=sec-tech