New OS X Backdoor Malware Roping Macs Into Botnet

An anonymous reader writes New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted. The malware, dubbed Mac.BackDoor.iWorm, targets computers running OS X and makes extensive use of encryption in its routines, Dr. Web researchers noted. What's even more interesting is that it gets the IP address of a valid command and control (C&C) server from a post on popular news site Reddit. The malware is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers.

I have seen some malware trying to infect my Mac

[ruir]

And to get it you have to be fairly dumb. Fake sites for subtitles that just propagate your google query to "match" the name of the film you are search, and instead of giving you a zip with the subtitle, return a dmg file. But then, you have to click on it, click to install the binary, and give a password....So as I say you have to be pretty stupid to install the malware yourself.

To the hecklers...

[Ronin+Developer]

There is a common believe that Macs don't get viruses or could, possible, be susceptible to malware. This week, we have seen several issues that first threaten the *nix community (which, OSX is built upon). The first was the bash bug. The second is a worm that is capable of infecting a Mac system. A few months ago, we had Heartbleed that again, was cross platform.

Yes...the Bash Bug - affects *nix machines including Macs. That means the Linux user is just as exposed. It does mean, in this particular instance, that Windows users get a break.

The Mac, link linux, has proven relatively immune to computer viruses. How many people do you know run anti-virus and/or anti-malware software on the linux desktops or servers? Exactly. The Mac is built on top of an *nix core, but is far more usable by the average user. However, when the built in safeguards are disabled, it's possible to install malware. And, it's very possible that the attack vector is an exploit of the bash bug. We don't know the method or attack vector used to infect those machines (in either of the two articles on Dr. Web). Likely, users downloaded and installed an unsigned OSX application which, unlike having to jailbreak your phone, is easy to do. That unsigned app carried and installed the worm. I say" likely", because we just don't know enough yet.

For those who aren't aware, Apple has a app store for OSX apps in addition to the iOS app store. Like it's counterpart, apps are checked by Apple and are digitally signed. A developer must belong to the Macintosh Developer network to sign their apps and have them sold through the app store. You always have the option to install apps from other sources, but they are unchecked and unsigned. And, you take your chances, just as on other platforms, if you download and install unknown code.

Apple has taken a beating these past couple of weeks on multiple fronts. The Apple haters are in full force. But, in this case, we don't know how the malware/worm was installed. So, is it fair to bust Apple's chops over it without knowing the root cause?

Re:Quite useless article

[ArcadeMan]

I assume anyone running Windows is a gamer, anyone running OS X is doing desktop/front-end work and anyone running Linux/BSD is doing server work.