Reports have started filling all over the internet that a suspected Botnet detected back in image January 2009 has been activated and reported to be on atleast 20k machines. This is the first time a Botnet has been activated on Mac OS X.

For those who dont know what a Botnet is, here’s a layman explanation: A botnet is a netwrok of infected computers (infected by Trojans that come with software packages and get installed on your machine when you install that software) which are used to initiate attack on other machines through the network or internet. These infected machines are also called zombies.

The first ever Trojan has been confirmed to come with pirated and unlicensed iServices package that came with iWork ‘09 and PhotoShop CS4.

How to know if your Mac OS X has been infected?

If your CPU is showing excessive usage (90 to 100% at times) then that’s a strong sign that your Mac has been infected.


On close inspection you will discover a PHP script instigating DDoS (denial-of-service) attacks on websites.

How to protect your Mac OS X?

Even though many Antivirus programs have been updated to block iServices (which is infected with the trojan) package but if your Mac has been infected already then try this:

Delete these folders:

1) System/Library/StartupItems/DivX
2) System/Library/StartupItems/iWorkServices

You may also find SecureMac to be a useful resource