iWorm Botnet Uses Reddit as Command and Control Center

A new day, and a new threat to Mac OS X. Virus hunters have discovered a sophisticated botnet targeting Mac OS X computers and using a novel technique to operate. The malware has infected about 18,500 Macs, according to recent statistical analysis.

The Mac malware, called iWorm, uses a complex multi-purpose backdoor, through which criminals can issue commands that get the malicious program to carry out a wide range of instructions on the infected Macs. According to researchers, the backdoor makes extensive use of encryption in its routines. It is capable of discovering what other software is installed on the infected machine and sending out information about it (operating system), opening a port on it, downloading additional files, relaying traffic, and sending a query to a web server to acquire the addresses of the C&C servers, essentially turning your Mac into a zombie.

Installing iWorm

During installation, the malware first installs a backdoor into the directory /Library/Application Support/JavaW, after which the dropper generates a property list (plist) file so that the backdoor is launched automatically.

Analysis indicates that the malware begins to seed itself into your Mac upon initial launch, saving its configuration data in a separate file and attempting to read the contents of the /Library directory to determine which of the installed applications the malware won't be interacting with.

If the bot cannot find 'unwanted' directories, according to reports, it uses system queries to determine the home directory of the Mac OS X account under which it is running, checks for its configuration file in that directory, and writes the data it needs to continue operating into the file. Furthermore, it disguises itself as the application com.JavaW and sets itself to autostart via /Library/LaunchDaemons/.
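As an added defender-side example (not code from the article or from the researchers it cites), the following Python scans a LaunchDaemons directory for launchd jobs that match the persistence indicators the article names: a job whose program lives under /Library/Application Support/JavaW, or one labelled with the com.JavaW disguise name. Matching the Label is an assumption; the article says the bot poses as com.JavaW but does not state what its launchd plist is called.

```python
"""Check a LaunchDaemons directory for the iWorm persistence indicators."""
import os
import plistlib
from typing import Dict, List
from xml.parsers.expat import ExpatError

# Paths and names taken from the article. Treating a Label of com.JavaW as an
# indicator is an assumption drawn from the disguise name the article reports.
BACKDOOR_DIR = "/Library/Application Support/JavaW"
DISGUISE_LABEL = "com.JavaW"
LAUNCH_DAEMONS_DIR = "/Library/LaunchDaemons"


def _program_paths(job: Dict) -> List[str]:
    """Collect every executable path a launchd job could start."""
    paths = []
    if isinstance(job.get("Program"), str):
        paths.append(job["Program"])
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        paths.append(args[0])
    return paths


def scan_launch_daemons(daemons_dir: str = LAUNCH_DAEMONS_DIR,
                        backdoor_dir: str = BACKDOOR_DIR) -> List[Dict[str, str]]:
    """Return one finding per plist whose Label or launched program matches."""
    findings: List[Dict[str, str]] = []
    if not os.path.isdir(daemons_dir):
        return findings
    for name in sorted(os.listdir(daemons_dir)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(daemons_dir, name)
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)  # handles XML and binary plists
        except (OSError, ValueError, ExpatError, plistlib.InvalidFileException):
            # A plist launchd cannot parse is worth a manual look, not a silent skip.
            findings.append({"file": path, "reason": "unparseable plist"})
            continue
        if job.get("Label") == DISGUISE_LABEL:
            findings.append({"file": path, "reason": f"Label is {DISGUISE_LABEL}"})
            continue
        for prog in _program_paths(job):
            if prog.startswith(backdoor_dir.rstrip("/") + "/"):
                findings.append({"file": path, "reason": f"launches {prog}"})
                break
    return findings


if __name__ == "__main__":
    for finding in scan_launch_daemons():
        print(f"{finding['file']}: {finding['reason']}")
```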