
Huge OS X Botnet 'iWorm' Utilizing Reddit to Expose IP Addresses of Control Servers

Posted: October 3, 2014

Apple Mac computers have long been touted as systems that are not susceptible to malware or malicious attacks. In recent years, however, security researchers have uncovered many instances of Macs coming under attack from a wide range of sophisticated malware threats.

In a recent discovery by Russian security experts at the antivirus vendor Doctor Web, a huge OS X botnet was found to use a clever technique to learn the IP addresses and connection ports of its control servers. The malware compromises Mac systems and then uses the search feature of the popular social site Reddit.com to retrieve a list of command and control (C&C) servers. Botnets rely on such servers to hand out the instructions that the infected systems then carry out over the internet.

The cybercrooks have so far published the IP addresses on Reddit, which also makes them available to any other hacker who wants to take on the task of attacking one of the individual infected computers. Based on data gathered by the security experts at Doctor Web, the malware is detected as Mac.BackDoor.iWorm, or "iWorm" for short. Over 17,000 unique IP addresses have been seen contacting the botnet from infected computers.

As no surprise to us, the majority of infected computers reside in the United States, with over 4,500 (26.1%) of them compromised, while Canada and the UK together account for about 1,230 of the infected IP addresses.

One of the more surprising aspects of this botnet is that its command and control IPs are disguised as servers for Minecraft, a popular online game for computers. This cover lets iWorm funnel other malware without its traffic drawing suspicion: the infection operates under a pseudo identity so that downloading large amounts of data from a questionable server looks like ordinary game traffic. In addition, the C&C server IPs appear to be posted by the owner of the account "vtnhiaovyd" under the post "minecraftserverlist," which further helps to disguise the fact that the addresses are used for malicious purposes.
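From a defender's side, the Reddit lookup described above is itself a detectable signal: an internal host that repeatedly queries a Minecraft server list on Reddit is worth a look. The following is an added example (not code from the article or from Doctor Web) that flags such requests in a proxy log; the log lines are constructed, the Squid-style log format and the assumption that "minecraftserverlist" maps to the Reddit path /r/minecraftserverlist are mine, and the exact request the malware sends is not given on the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed Squid-style proxy log lines (ts client status bytes method url); not real traffic.
SAMPLE_LOG = """\
1412294400.001 10.0.0.12 TCP_MISS/200 5120 GET https://www.reddit.com/r/minecraftserverlist/search.json?q=example
1412294401.120 10.0.0.12 TCP_MISS/200 3320 GET https://www.reddit.com/r/minecraftserverlist/search.json?q=example
1412294402.500 10.0.0.17 TCP_MISS/200 9900 GET https://www.reddit.com/r/apple/
1412294403.700 10.0.0.21 TCP_MISS/200 2200 GET https://www.reddit.com/user/vtnhiaovyd/submitted/
1412294405.000 10.0.0.12 TCP_MISS/200 4400 GET https://www.reddit.com/r/minecraftserverlist/search.json?q=example
"""

SUBREDDIT = "minecraftserverlist"  # name given in the Doctor Web findings quoted on the page
POSTER = "vtnhiaovyd"              # account named on the page; path layout is an assumption

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def is_iworm_lookup(url):
    """True if the URL is a Reddit request touching the subreddit or the account
    used to publish the C&C addresses. Host check is suffix-based so that
    www.reddit.com and other reddit.com subdomains both match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "reddit.com" and not host.endswith(".reddit.com"):
        return False
    path = parts.path.lower()
    return f"/r/{SUBREDDIT}" in path or f"/user/{POSTER}" in path


def find_suspect_clients(log_text, min_hits=1):
    """Return {client_ip: hit_count} for clients whose requests match the
    lookup pattern at least min_hits times. Raising min_hits filters out a
    single curious user browsing the subreddit; a host polling it repeatedly
    is the pattern worth investigating."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_iworm_lookup(m.group("url")):
            hits[m.group("client")] += 1
    return {client: n for client, n in hits.items() if n >= min_hits}
```

Any hit should be treated as a lead rather than proof; a real triage would correlate with the host's platform and outbound connections to the addresses published in those posts.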

iWorm, much like many other botnet infections we have encountered and reported on, can download and execute files and commands. It could be used as an agent for stealing data from an infected system, for sending out spam messages, or even as a host for conducting distributed denial-of-service (DDoS) attacks. The possibilities are almost endless, and a Mac OS X system performing these actions is an uncommon finding, which could also help iWorm carry out its malicious activities without immediate detection.

iWorm is reminiscent of earlier Mac malware threats like Flashback, which was responsible for infecting over 600,000 Mac computers back in 2012. iWorm's creation dates back to early 2014, when a Trojan horse delivering the infection managed to compromise over 22,000 computers.
