Malware "iWorm" found to have infected Macs around the world, forming a botnet of tens of thousands of machines


By Wendy Seltzer

According to Doctor Web, developer of the security software "Dr.Web", at least 17,000 Macs around the world are infected with the malware "Mac.BackDoor.iWorm" (iWorm). The Macs infected with iWorm are said to form a botnet and to be waiting for attack orders from the malware's developer.

New Mac OS X botnet discovered - Dr.Web - innovation anti-virus security technologies. Comprehensive protection from Internet threats.
http://news.drweb.com/show/?i=5976

Mac.BackDoor.iWorm - Google Docs
https://docs.google.com/document/d/1YOfXRUQJgMjJSLBSoLiUaSZfiaS_vU3aG4Bvjmz6Dxs/edit

Apple Updates Malware Definitions to Protect Against Botnet Threat Coordinated Via Reddit - Mac Rumors
http://www.macrumors.com/2014/10/04/iworm-malware-xprotect/

According to Doctor Web, iWorm is malware developed using C++ and Lua. When iWorm starts up, it first opens a port on the Mac in the background. It then accesses the anonymous bulletin board Reddit, converts the date of access to an MD5 hash, and uses the value of the first 8 bytes to search the comment field of Reddit's "Minecraft server information" thread, from which it downloads the list of control server IP addresses and port numbers.


iWorm is thought to obtain the control server information in this way so that the attacker can switch servers one after another, on the assumption that any given server may be shut down.
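The lookup described above can be hunted for in web-proxy logs. The following is an added example, not code from Doctor Web or the original article: it derives the date-based token (first 8 bytes of the MD5 of the date) and flags Reddit requests that carry it. The date renderings, the `<time> <client> <url>` log layout and the `/search?q=` URL shape are assumptions, and the log lines are constructed.

```python
import hashlib
from datetime import date, timedelta
from urllib.parse import urlparse, parse_qs

# Assumption: the article does not say how the date is rendered before hashing,
# so several common renderings are tried.
DATE_FORMATS = ("%Y-%m-%d", "%Y%m%d", "%d.%m.%Y", "%m/%d/%Y")

def candidate_tokens(day):
    """Hex form of the first 8 bytes of MD5(date string), one per format."""
    return {hashlib.md5(day.strftime(fmt).encode()).digest()[:8].hex()
            for fmt in DATE_FORMATS}

def tokens_for_window(day, slack_days=1):
    """Map token -> date for day +/- slack_days (clock and time-zone drift)."""
    window = {}
    for offset in range(-slack_days, slack_days + 1):
        d = day + timedelta(days=offset)
        for token in candidate_tokens(d):
            window[token] = d
    return window

def flag_requests(log_lines, day):
    """Return (client, token, url) for reddit requests carrying a date token."""
    window = tokens_for_window(day)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # not in the assumed "<time> <client> <url>" layout
        _, client, url = fields
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host != "reddit.com" and not host.endswith(".reddit.com"):
            continue
        values = [v.lower() for vs in parse_qs(parsed.query).values() for v in vs]
        hits += [(client, v, url) for v in values if v in window]
    return hits

def build_sample_log(day):
    """Constructed proxy log (URL shape assumed): one lookup among other traffic."""
    token = hashlib.md5(day.strftime("%Y-%m-%d").encode()).digest()[:8].hex()
    return [
        f"{day}T09:14:02Z 10.0.0.17 https://www.reddit.com/search?q=minecraft+server",
        f"{day}T09:14:40Z 10.0.0.23 https://www.reddit.com/search?q={token}",
        f"{day}T09:15:11Z 10.0.0.31 https://example.org/search?q={token}",
    ]
```

Because the token changes every day, a static string match on one value goes stale after a day; the rule has to recompute the token for each day of logs it examines.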

Doctor Web's country-by-country data on the number of unique IP addresses of Macs infected with iWorm gives a total of 17,558, with 4610 cases (26.1%) in the United States, followed by 1235 cases (7.0%) in Canada, 1227 cases (6.9%) in the UK and 825 cases (4.7%) in Spain, showing that infections are concentrated in Europe and the United States.


After Doctor Web released its information on iWorm, it was found that there are four kinds of iWorm, including variants. Furthermore, when Reddit volunteers began tracing iWorm's infection route, they found that it had spread packaged inside pirated software such as Adobe Illustrator CS6, Photoshop CC 2014 and Microsoft Office 2011, distributed via the BitTorrent torrent-file distribution site PirateBay.


If you try to install an executable containing iWorm, you get an "unidentified developer" warning. It seems that the infected users clicked "OK" without heeding this warning.


Furthermore, because the server information is downloaded from Reddit, the firewall should have reacted, but the infected users are thought to have approved the connection with "Allow" and, as a result, become part of the botnet.


In response to this spread of iWorm, it has become clear that Apple has added two kinds of iWorm to "XProtect.plist", the virus/malware definition database introduced with OS X (Snow Leopard).


Traditionally, viruses and malware mainly targeted Windows machines, which have a large market share, and Macs, with their small share, tended not to be targeted. In that era, commercials like the following were made to tout the Mac's superiority.

Japanese Get A Mac CM 7 Subtitled "Security" - YouTube


Ramen's AppleCM - YouTube


However, with the popularity of iPods and iPhones, the Mac has also grown in popularity and market share, so it is thought to be increasingly targeted by malicious hackers. It seems that the era of "Macs don't need to worry about viruses and spyware" has completely ended.

in Note, Software, Video. Posted by darkhorse_log