Slashdot Mirror


New OS X Backdoor Malware Roping Macs Into Botnet

An anonymous reader writes New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted. The malware, dubbed Mac.BackDoor.iWorm, targets computers running OS X and makes extensive use of encryption in its routines, Dr. Web researchers noted. What's even more interesting is that it gets the IP address of a valid command and control (C&C) server from a post on popular news site Reddit. The malware is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers.

7 of 172 comments

  1. Oh noes .. Reality field collapses .. arrghh by OzPeter · · Score: 4, Insightful

    But then .. from TFA

    Unfortunately, the researchers didn't mention how the malware spreads, but they shared that it is unpacked into the /Library/Application Support/JavaW directory, poses as the application com.JavaW, and sets itself to autostart.

    So for all I know, this could either be a world shattering event whereby zero day exploits are being used on OSX to leverage malware.

    OR it could be like the HK protesters whereby you needed to J/B your phone first.

    So I am reserving my panic until I know more.

    --
    I am Slashdot. Are you Slashdot as well?
    1. Re:Oh noes .. Reality field collapses .. arrghh by gtall · · Score: 2, Insightful

      What's really weird is that you consider a sexual slur integral to your argument.

    2. Re:Oh noes .. Reality field collapses .. arrghh by amiga3D · · Score: 4, Insightful

      I run little snitch on my Macs and I'm constantly amazed at how many of my programs want to talk to some site or other. It's annoying because I have to research and see why they want to contact these places and what exactly is going on. I find that if I just block them it's almost never a problem though.

  2. Quite useless article by Anonymous Coward · · Score: 2, Insightful

    Is this an article about how it's spread, or is this the website that it's spread from?

  3. Re:Quite useless article by amiga3D · · Score: 3, Insightful

    I've found most Mac users seem to respect BSD users. They assume anyone running windows is IQ challenged.

  4. They probably don't know how it spreads by FellowConspirator · · Score: 5, Insightful

    A regular user process is not going to be able to create the sub-directory in Application Support or install the launchd file to auto-start the service. For that, you'd need admin privilege, which has to be given explicitly by a member of the admin group. To get there, it has to trick an admin user to explicitly install it (in which case, it's not a worm/virus, it's a trojan), or it has to remotely trick an OS X application that runs as root or has admin privilege to do so -- but there's not much opportunity there as most services don't accept incoming connections, and those that do generally run as an unprivileged user. Looking at my Mac, the only service that can be connected to remotely and has sufficient privilege (if enabled) is SSH. Macs don't have that enabled by default.
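The two artifacts the article names (the /Library/Application Support/JavaW directory and the com.JavaW launchd item) and the privilege point made in the comment above are easy to turn into a host check. The script below is an added example, not code from the article, Dr. Web, or any commenter: it scans a root directory for those two indicators and reports whether the current account could even write to /Library/Application Support. It assumes a launchd item would live in /Library/LaunchDaemons or /Library/LaunchAgents and carry the label com.JavaW; the article only gives the directory and the name. It builds a constructed fixture tree so it can be run on any POSIX system, not just a Mac.

```shell
#!/bin/sh
# Added example (not from the article or comments). Checks a root directory
# for the persistence artifacts the article describes. Plist location and
# Label value are assumptions, not details from the article.

# iworm_scan ROOT
# Prints one line per indicator found. Returns 0 if clean, 1 if anything found.
iworm_scan() {
    root=${1%/}            # strip a trailing slash so "/" becomes ""
    found=0
    dir="$root/Library/Application Support/JavaW"
    if [ -d "$dir" ]; then
        echo "INDICATOR: directory present: $dir"
        found=1
    fi
    for d in "$root/Library/LaunchDaemons" "$root/Library/LaunchAgents"; do
        [ -d "$d" ] || continue
        for plist in "$d"/*.plist; do
            [ -f "$plist" ] || continue
            # match the label inside the plist, not just the file name
            if grep -q 'com\.JavaW' "$plist" 2>/dev/null; then
                echo "INDICATOR: launchd item references com.JavaW: $plist"
                found=1
            fi
        done
    done
    return $found
}

# appsupport_writable ROOT
# "yes" if the current account can create entries in ROOT/Library/Application
# Support. On a stock OS X install that directory is owned by root and group
# admin, so a plain (non-admin) user gets "no": the point of the comment above.
appsupport_writable() {
    if [ -w "${1%/}/Library/Application Support" ]; then echo yes; else echo no; fi
}

# make_fixture
# Constructed fixture (not real malware): an "infected" tree carrying both
# indicators and a "clean" tree with neither. Prints the temp base directory.
make_fixture() {
    base=$(mktemp -d)
    mkdir -p "$base/infected/Library/Application Support/JavaW" \
             "$base/infected/Library/LaunchDaemons" \
             "$base/clean/Library/Application Support" \
             "$base/clean/Library/LaunchDaemons"
    cat > "$base/infected/Library/LaunchDaemons/com.JavaW.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.JavaW</string>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    echo "$base"
}

# Demo against the fixture. On a real Mac, run: iworm_scan /
fixture=$(make_fixture)
iworm_scan "$fixture/infected" || echo "fixture/infected: indicators found (expected)"
iworm_scan "$fixture/clean" && echo "fixture/clean: nothing found (expected)"
rm -rf "$fixture"
```

Because the launchd check greps the plist body for the label rather than trusting the file name, a renamed plist still trips it; the directory check is deliberately exact, since the article gives a fixed path. Run `appsupport_writable /` from an ordinary account on a Mac to confirm the permission barrier the comment relies on.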

  5. Re:Quite useless article by cant_get_a_good_nick · · Score: 5, Insightful

    Hmm, I've been on UNIX since SunOS days and Solaris was the new kid on the block. I've written a device driver that shipped in a commercial UNIX kernel. That said, I chose as my desktop a hybrid BSD/Microkernel architecture with POSIX compliance and a modern GUI. Or in other words, a Mac.

    Macs are not stupid, they are made to be simple to use. That external simplicity hides a deep complexity underneath. I think people who don't understand that making something complex to be simple to use is one of the hardest things in Computer Science. A good size for desktop computers now is about 8GB of RAM or more. At any given time, 8GB will give you 2^(8*(2^23)) states, which of course will change in a nanosecond. Mac OS tries to, as much as possible, hide the states that don't mean anything to you. It's not that the MacOS guys don't know they exist. They just feel YOU don't need to know they exist. Maybe they're wrong, but it's a conscious decision where they know the states that exist and they feel that showing the states is less helpful than the confusion it would engender. Not stupidity.

    The main issue (and where you have a point though you exaggerate it way past its validity) is sometimes things are complex, and if you hide that complexity, you actually cause a disservice. Apple hides a lot of its security notices. As Macs become more and more of a target, they really need to not hide the complexity as much so that people can make valid choices on how to prevent malware infections.