Researchers at Russian antivirus company Dr Web said in a report that the sophisticated "multi-purpose backdoor" malware that it dubbed "Mac.Backdoor.iWorm" has infected more than 17,000 computers running Mac OS X by allowing criminals to issue commands to carry out a wide range of instructions on the infected machines.
"Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines," said Dr Web in its report. "During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically."
Compromised computers receive commands from servers under the control of botmasters using information posted in messages on Reddit as navigational aids. Then Mac.Backdoor.iWorm opens a port on an infected computer and awaits an incoming connection. It sends a request to a remote website to acquire a list of command and control (C&C) servers, and then connects to the remote servers and waits for instructions.
"It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and - as a search query - specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date," said Dr Web. "The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd."
Security expert Graham Cluely said on his blog that while it isn't presently documented how the malware spreads, the consequences clearly can be serious.
"Like any computers that have been recruited into a botnet, Macs that have been hijacked in this attack could have information stolen from them, further malware planted upon them, or be used to spread more malware or launch spam campaigns and denial of service attacks," Cluley explained.
Security firm Lancope CTO TK Keanini added that the botnet "will begin to co-evolve as countermeasures are put in place and they engineering and innovate around them".
No comments:
Post a Comment