Tags: mac | malware | botnet | iworm

Mac Malware Botnet Dubbed iWorm Blocked After Infecting 18K Computers


Monday, 06 Oct 2014 08:32 AM

A Mac malware botnet dubbed iWorm has infected more than 18,500 computers, but Apple engineers announced this week they've updated their blacklisting system to block the attacks.

The iWorm botnet cloaks itself as an application called com.JavaW, which launches automatically on infected machines, ZDNet.com reported. The technology website said the cyber-attack was first identified by the Russian antivirus firm Dr. Web.

"If application directories are not detected, the bot uses the getuid and getpwuid routines to determine the home folder for the account it is running under and checks whether the folder contains the file %pw_dir%/.JavaW (this file is created when the backdoor is first launched)," the Dr. Web post states.

"The port number is generated upon the first launch too . . . The backdoor exchanges data with the server and uses that data in tandem with specific routines to authenticate the remote host. If successful, the backdoor sends the server information about an open port on the infected machine and its unique ID and awaits directives," the post continues.
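The marker file described in the Dr. Web post gives responders a simple host check. The following is an added example, not code from Dr. Web or from this article: it looks for `.JavaW` in each account's home folder and reports the file's creation time as an estimate of first launch. The function names `check_home` and `sweep` are hypothetical.

```python
import os
import pwd
import stat
from datetime import datetime, timezone

MARKER = ".JavaW"  # marker file name quoted from the Dr. Web post


def check_home(home):
    """Return a finding dict if `home` holds the marker file, else None."""
    path = os.path.join(home, MARKER)
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except (FileNotFoundError, NotADirectoryError):
        return None
    except PermissionError:
        return {"path": path, "status": "unreadable"}
    # The marker is created on first launch, so its birth time (macOS) or,
    # where that is unavailable, its mtime approximates the first run.
    ts = getattr(st, "st_birthtime", st.st_mtime)
    return {
        "path": path,
        "status": "present",
        "regular_file": stat.S_ISREG(st.st_mode),
        "owner_uid": st.st_uid,
        "first_seen_utc": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
    }


def sweep(homes=None):
    """Check every distinct home directory; default to the account database."""
    if homes is None:
        # pw_dir is the same field the bot reads via getuid/getpwuid
        homes = {p.pw_dir for p in pwd.getpwall() if os.path.isdir(p.pw_dir)}
    findings = [check_home(h) for h in sorted(homes)]
    return [f for f in findings if f]


if __name__ == "__main__":
    for finding in sweep():
        print(finding)
```

Run it with enough privilege to read other users' home folders; an "unreadable" result means the account could not be checked, not that it is clean.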

Ars Technica reported that iWorm appears to exploit a Reddit forum to spread its attack and compromise computers.

"One of the most curious aspects of the botnet is that it uses a search of Reddit posts to a Minecraft server list subreddit to retrieve IP addresses for its command and control (CnC) network," Ars Technica noted. "That subreddit now appears to have been expunged of CnC data, and the account that posted the data appears to be shut down."

MacRumors.com reported on Saturday that Apple created an update for its "Xprotect" anti-malware system to hunt down two versions of the iWorm malware and prevent them from being installed on its computers.

"First introduced with OSX Snow Leopard, Xprotect is a rudimentary anti-malware system that recognizes and alerts users to the presence of various types of malware," the site wrote. "Given the relative rarity of malware targeting OSX, the malware definitions are updated infrequently, although users' machines automatically check for updates on a daily basis."

© 2017 Newsmax. All rights reserved.
