New OS X backdoor malware roping Macs into botnet

  • 2 October 2014

Userlevel 7
Author: Zeljka Zorz, HNS Managing Editor / Posted on 02.10.2014
 
New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted and analyzed by malware researchers of Russian AV company Dr. Web.

The malware, dubbed Mac.BackDoor.iWorm, targets computers running OS X and makes extensive use of encryption in its routines, the researchers noted.

What's even more interesting is that it gets the IP address of a valid command and control (C&C) server from a post on popular news site Reddit.

Unfortunately, the researchers didn't mention how the malware spreads, but they shared that it is unpacked into the /Library/Application Support/JavaW directory, poses as the application com.JavaW, and sets itself to autostart.

The malware is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers.

 
 
Help Net Security/ Article/ http://www.net-security.org/malware_news.php?id=2875
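A defender-side check for the two indicators the article names (the `/Library/Application Support/JavaW` directory and the `com.JavaW` identifier), as an added example that is not part of the original post or the Dr. Web analysis. It assumes the autostart entry is a launchd plist in the standard `LaunchDaemons` or `LaunchAgents` folders, which the article does not state; `scan` and `strings_in` are hypothetical helper names.

```python
import plistlib
import sys
from pathlib import Path

# Indicators named in the article above.
INSTALL_DIR = "Library/Application Support/JavaW"
APP_ID = "com.JavaW"
# Assumption: the standard launchd autostart folders. The article only says the
# malware "sets itself to autostart" and names no plist path.
LAUNCHD_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")


def strings_in(value):
    """Yield every string nested anywhere inside a parsed plist value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from strings_in(v)
    elif isinstance(value, list):
        for v in value:
            yield from strings_in(v)


def scan(root="/"):
    """Return (kind, path) findings under the given filesystem root."""
    root = Path(root)
    findings = []
    if (root / INSTALL_DIR).is_dir():
        findings.append(("install_dir", str(root / INSTALL_DIR)))
    for folder in LAUNCHD_DIRS:
        if not (root / folder).is_dir():
            continue
        for plist in sorted((root / folder).glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    data = plistlib.load(fh)  # parses XML and binary plists
            except Exception:
                continue  # unreadable or malformed: not evidence either way
            label = data.get("Label") if isinstance(data, dict) else None
            if label == APP_ID or any(INSTALL_DIR in s for s in strings_in(data)):
                findings.append(("launchd_item", str(plist)))
    return findings


if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else "/")
    for kind, path in hits:
        print(f"{kind}\t{path}")
    sys.exit(1 if hits else 0)
```

Passing a mounted backup or disk image as the first argument scans that tree instead of the live system; an empty result only means these two indicators are absent.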
 

5 replies

Userlevel 7
I have known several people who, because they have a Mac, believe that they do not need an AV. Well, those people should read these articles.
 
Graham Cluley | October 2, 2014
 
From the article:
 
"This isn’t, of course, the first time that we have seen Mac computers infected by malware and hijacked into a criminal botnet, and it isn’t anything like as big so far as the notorious Flashback worm which hit more than 600,000 Mac computers in early 2012.
But it is another timely warning that Mac users shouldn’t be fooled into thinking they are somehow immune from computer security threats. An anti-virus product should be part of your arsenal, if you value your privacy and the data you store on your Apple computer.
In addition, keep your computer patched with the latest security updates – both for the underlying OS X operating system, but also for commonly targeted software such as Adobe Reader, Flash and Java."
 
Full Article
Userlevel 7
Hello Webrooters,

Yes Jasper, I totally agree. Just the other day I was talking to Apple Support, and the escalated Support team at that, about my iPad.
He firmly said that Macs don't get viruses because that just doesn't happen in an Apple environment. I've had another Apple Support concerning my Mac and he said the same thing! So I do not need to worry about anything, do I? NOT! 😉
Userlevel 7
By James Cook
 Apple has added the dangerous iWorm bug to its malware detector after 17,000 Mac users were found to have been infected with the virus. 
Business Insider reported on Friday that a Russian security firm discovered a piece of malicious software known as "Mac.BackDoor.iWorm." that was being found on Mac computers around the world. The bug gave hackers control of the computer, and could have been used to send spam emails, crash websites, or mine Bitcoin. However, there's no evidence that hackers even got the chance to use their botnet before it was discovered.
 
Full Article
Userlevel 7
Good teamwork with Apple and Reddit; they were able to shut the iWorm virus down. Mac users should be a bit relieved.
Userlevel 7
An interesting article linking Pirate Bay to the propagation of the iWorm.
 
By Ericka Chickowski 10/6/2014
 
From the article.
 
"The weekend also yielded more research that showed The Pirate Bay likely played a big role in the propagation of iWorm on affected machines. Acting on a tip from a different anonymous researcher, the independent researcher Thomas Reed confirmed on his The Safe Mac blog that the iWorm installer was found in a pirated Photoshop install package modified to hide the malicious executable."
 
Full Article
 
 
