Mac Users Under Attack By ‘Reddit’ Botnet
Whilst Apple fans have long maintained that Apple’s desktop computing platform is more secure against viruses than other computer brands, viruses for Mac do exist and are still out there.
A recent revelation has uncovered a brand new threat to Macs that bizarrely uses Reddit to coordinate attacks on host machines. Security boffins from Dr. Web uncovered the Mac botnet last week, claiming that the worm, known as ‘Mac.BackDoor.iWorm’, has managed to infect and compromise 17,000 Macs worldwide so far.
Infected Macs are not only enslaved to the botnet – a network of compromised computers which can be used to collectively take down websites or crack passwords by brute force – but are also vulnerable to further adware, spyware, malware, viruses and other methods of stealing personal information.
Strangely, the botnet uses popular social media site Reddit for some of its processes. The hackers behind the botnet actually use Reddit to connect enslaved computers to the network.
“It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and — as a search query — specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.”
Apparently the botnet searches Reddit for hyperlinks leading to command and control servers, the main hubs where botnet commands are sent from, and the place all computers on a botnet are connected to.
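A detection-side sketch of the lookup Dr. Web describes, added here as an example (it is not Dr. Web's code or the malware's): it flags proxy-log requests to Reddit search whose query is 16 hex digits, and marks those that equal the first 8 bytes of the MD5 of the log date. The date string formats, the log line layout and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import re
from datetime import date
from urllib.parse import parse_qs, urlparse

# Assumption: the page does not say how the bot renders the date before
# hashing, so several common renderings are tried.
DATE_FORMATS = ("%Y-%m-%d", "%Y%m%d", "%d.%m.%Y", "%m/%d/%Y")
HEX16 = re.compile(r"[0-9a-fA-F]{16}")

def daily_tokens(day):
    """Hex of the first 8 bytes of MD5(date string), one per assumed format."""
    return {hashlib.md5(day.strftime(fmt).encode()).hexdigest()[:16]
            for fmt in DATE_FORMATS}

def classify(day, url):
    """'match' = query is a daily token, 'suspect' = any 16-hex query, else None."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    on_reddit = host == "reddit.com" or host.endswith(".reddit.com")
    if not on_reddit or not parts.path.startswith("/search"):
        return None
    query = parse_qs(parts.query).get("q", [""])[0]
    if not HEX16.fullmatch(query):
        return None
    return "match" if query.lower() in daily_tokens(day) else "suspect"

def scan(lines):
    """Lines look like 'YYYY-MM-DD client url' (constructed log layout)."""
    hits = []
    for line in lines:
        try:
            day_text, client, url = line.split(maxsplit=2)
            day = date.fromisoformat(day_text)
        except ValueError:
            continue  # malformed line: skip rather than abort the scan
        verdict = classify(day, url.strip())
        if verdict:
            hits.append((client, verdict))
    return hits

# Constructed sample log; the first token is derived, not taken from malware.
TOKEN = sorted(daily_tokens(date(2014, 10, 1)))[0]
SAMPLE_LOG = [
    f"2014-10-01 10.0.0.5 https://www.reddit.com/search?q={TOKEN}",
    "2014-10-01 10.0.0.6 https://www.reddit.com/search?q=0123456789ABCDEF",
    "2014-10-01 10.0.0.7 https://www.reddit.com/search?q=minecraft+servers",
    "2014-10-01 10.0.0.8 https://example.com/search?q=0123456789abcdef",
    "not a log line",
]
```

A "suspect" hit is worth reviewing even when no assumed date format matches, since ordinary browsing rarely searches Reddit for a bare 16-digit hex string.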
Of course, it’s not Reddit’s fault that these botnets are using their search engine to connect enslaved computers to the botnet. The site can do very little about the problem. If they do delete the user accounts responsible for the problem, the users will just go and find somewhere else to post links to their botnet servers.
As a side note, the botnet does seem to be connected with Java, and specifically uses a bogus folder labeled ‘JavaW’. If you can track down this folder, it means you might just be infected with the botnet. The next thing you’ll need to do is hold tight and wait for a fix to arrive. We don’t recommend deleting the folder, but you can always wipe your Mac and start again. Obviously you’ll want to try to back up files first, otherwise they’ll be lost.
Check out Dr. Web for Mac below. Their antivirus program for Mac should protect you from this threat; however, it isn’t free. We don’t yet know if other antivirus programs have been updated to remove or protect Macs from this new botnet.
Source: Dr. Web