Russian security company Dr. Web has discovered a backdoor for Mac OS X that lets attackers control infected computers by way of the search service at Reddit. The company says at least 17,000 unique IP addresses have been compromised, most of them in the US.
Dr. Web security experts discovered several threats to Mac OS X after conducting a check in September, the Russian company said in a statement on its website.
“One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm,” the statement reads.
It has not yet been determined how the malware spreads, but Russian experts say that once a Mac has been infected, the software establishes a connection with the command server.
“It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and – as a search query – specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date,” the security company said.
“The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.”
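The daily-token lookup described above is something a defender can turn into a proxy-log check: compute the token the report says the bot searches for on each day, then flag any client whose reddit.com search query equals one of them. The following is an added example written for this article, not Dr. Web's code; the report does not give the date string format the bot hashes, so the "%Y-%m-%d" format, the log layout and the sample lines are assumptions and the IPs are constructed.

```python
import hashlib
import re
from datetime import date, timedelta

# The report says the bot searches reddit.com for the hex of the first 8 bytes of
# MD5(current date) but does not give the date's string format; "%Y-%m-%d" is an
# ASSUMPTION here and should be adjusted to match the real sample.
DATE_FORMAT = "%Y-%m-%d"
REPORT_DATE = date(2014, 9, 26)  # date of the infection count cited in the article

def daily_query_token(day: date, fmt: str = DATE_FORMAT) -> str:
    """Expected 16-hex-char search query for a given day (first 8 MD5 bytes)."""
    return hashlib.md5(day.strftime(fmt).encode("ascii")).digest()[:8].hex()

def candidate_tokens(today: date, days_back: int = 3, days_forward: int = 1) -> dict:
    """Map token -> day for a window around today, tolerating clock skew and log lag."""
    return {daily_query_token(today + timedelta(d)): today + timedelta(d)
            for d in range(-days_back, days_forward + 1)}

# reddit.com search URL with a 16-hex-digit q= parameter (case-insensitive).
_SEARCH_RE = re.compile(
    r'https?://(?:www\.)?reddit\.com/search[^\s"]*?[?&]q=([0-9a-f]{16})\b', re.I)

def find_iworm_lookups(log_lines, today: date):
    """Return (client_ip, token, day) for lines whose reddit search query matches an
    expected daily token. Assumes the client IP is the first whitespace-separated field."""
    tokens = candidate_tokens(today)
    hits = []
    for line in log_lines:
        m = _SEARCH_RE.search(line)
        if m and m.group(1).lower() in tokens:
            tok = m.group(1).lower()
            hits.append((line.split()[0], tok, tokens[tok]))
    return hits

# Constructed proxy log lines (not real traffic); one line carries the day's token.
SAMPLE_LOG = [
    f"10.0.0.5 - - [26/Sep/2014:10:01:02] GET http://www.reddit.com/search?q={daily_query_token(REPORT_DATE)} 200",
    "10.0.0.7 - - [26/Sep/2014:10:02:15] GET http://www.reddit.com/search?q=minecraft+servers 200",
    "10.0.0.9 - - [26/Sep/2014:10:03:44] GET http://example.com/ 200",
]

def demo_hits():
    return find_iworm_lookups(SAMPLE_LOG, REPORT_DATE)

if __name__ == "__main__":
    for ip, tok, day in demo_hits():
        print(f"{ip} searched reddit for {tok} (expected token for {day})")
```

A hit only says a host issued the same query the bot would; confirm by looking for the /Library/Application Support/JavaW directory and its launch plist on that host.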
“Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically,” the company added.
Mac.BackDoor.iWorm is likely to be used to send spam emails, flood websites with traffic, or mine bitcoins.
Dr. Web says 17,000 Macs were compromised by the botnet malware as of September 26. Most of them (4,610) were in the United States. Canada ranked second, with 1,235 compromised addresses, followed by the United Kingdom with 1,227 addresses.