A group of Russian security researchers has discovered a new malware
threat to Apple's Mac OS X that has affected thousands of Macs around
the world. Hackers can issue commands to this malicious software
to gather user data and perform various other system actions on the
infected machines.
According to Russian security firm Dr.Web,
the malware entered its virus database as “Mac.BackDoor.iWorm” in
September. The new threat has already affected more than 17,000
unique Internet Protocol addresses associated with infected Macs. It is
described as “a complex multipurpose backdoor” that can use Reddit’s
search functions to perform its task.
“Criminals developed this malware using C++ and Lua,” a post on
Dr.Web’s website read. “It should also be noted that the backdoor makes
extensive use of encryption in its routines. During installation it is
extracted into /Library/Application Support/JavaW, after which the
dropper generates a p-list file so that the backdoor is launched
automatically.”
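A defender's check for the two on-disk artifacts named in the quote above, as an added example that is not from Dr.Web or the original article. It assumes the plist lands in one of the standard system launchd directories (the article does not say which) and takes a filesystem root so it can also be pointed at a mounted disk image.

```python
import plistlib
from pathlib import Path

# Install location quoted from Dr.Web in the article (relative to the root).
INSTALL_DIR = "Library/Application Support/JavaW"
# Assumption: the article does not name the plist or its directory, so the
# standard system-wide launchd locations are searched.
LAUNCHD_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")


def launch_targets(plist_path):
    """Return the strings a launchd plist would execute (Program and
    ProgramArguments). Unreadable or malformed plists yield an empty list."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:
        return []
    if not isinstance(data, dict):
        return []
    targets = []
    if isinstance(data.get("Program"), str):
        targets.append(data["Program"])
    args = data.get("ProgramArguments")
    if isinstance(args, list):
        targets.extend(a for a in args if isinstance(a, str))
    return targets


def scan(root="/"):
    """Report whether the install directory exists under root and which
    launchd plists start something located inside it."""
    root = Path(root)
    needle = "/" + INSTALL_DIR + "/"
    hits = []
    for rel in LAUNCHD_DIRS:
        directory = root / rel
        if not directory.is_dir():
            continue
        for plist in sorted(directory.glob("*.plist")):
            if any(needle in target for target in launch_targets(plist)):
                hits.append(str(plist.relative_to(root)))
    return {"install_dir_present": (root / INSTALL_DIR).is_dir(), "plists": hits}


if __name__ == "__main__":
    print(scan("/"))
```

Matching on what the plist launches rather than on its file name means the check still works when the name is unknown, as it is here.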
After being installed, the iWorm malware creates an operating file,
opens a port on an infected Mac, sends a request to a remote site for a
list of control servers and then connects to the servers, awaiting
further instructions. What is interesting here is the malware’s ability
to use Reddit’s search service to obtain a control-server address
list. The malware uses Reddit to look for comments left by the criminals
in a Minecraft discussion section of the site.
“The reddit.com search returns a web page containing a list of botnet
C&C servers and ports published by criminals in comments to the
post minecraftserverlists under the account vtnhiaovyd,” Dr.Web said.
After iWorm connects to a command-and-control server, commands can be
delivered as binary data or in the Lua programming language.
Although the Reddit string has apparently been shut down, the creators
of iWorm have likely set up another server list through another search
service, which has yet to be discovered, Apple Insider said.
Some 17,658 infected Mac computers were discovered as of Sept. 26, with 4,610 of them in the U.S.
source: ibtimes