Mac botnet being used in DDOS attacks

Back in January, pirated versions of iWork '09 being shared on P2P networks were discovered to contain a trojan horse called "iWorkServices." The author of the malware did his thing by adding a malicious binary to the trial version of the software package.


ZDNet's own Ryan Naraine in "iBotnet" notes that researchers at Symantec claim that the resulting botnet of thousands of Macs is already being used for nefarious purposes.

Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants — OSX.Iservice and OSX.Iservice.B — using different techniques to obtain the user’s password and take control of the infected Mac machine.

The symptom of an infected Mac is a PHP script, running as root, launching attacks against an unknown Web site as described in this blog entry. It's being described as the “first real attempt to create a Mac botnet.”

The scariest part of Naraine's piece comes at the end:

“The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it – and therefore we would not be surprised to see a new, modified variant in the near future,” the researchers added.

I guess the lesson here is to avoid downloading illicit software from P2P sites and to scan your Mac ASAP if you've been, ahem, promiscuous in your choice of software distribution systems.
