Hackers convert 17,000 Macs into malware botnet

Hackers are exploiting a new botnet of Mac OS X computers to spread malware called Mac.BackDoor.iWorm.

The malware has already infected more than 17,000 Macs around the world, reported Russian antivirus company Dr Web.

US users are the most affected with more than 4,610 computers infected, followed by Canada with 1,235 units, and the UK with 1,227 units as of September 26, 2014.

It is not known how the virus spreads, but reports suggest that iWorm uses Reddit's search function to find comments posted by criminals in a Minecraft discussion section, and then connects to the server addresses listed in that section's subreddit.

Dr Web said in a statement: "It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and — as a search query — specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date.

"The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

"The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to reddit.com in five-minute intervals."
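
The lookup pattern in Dr Web's statement (a reddit.com search whose query is 16 hexadecimal characters, repeated every five minutes) can be hunted for in web proxy logs. The sketch below is an added example, not code from Dr Web or the original article; the log layout, the `q` parameter name, the timing tolerance and the sample lines are assumptions constructed for illustration, and it presumes the proxy records full URLs.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log (timestamp, client IP, URL); not real traffic.
# The 16-hex query value is made up, not an actual hash used by the bot.
SAMPLE_LOG = """\
2014-09-26T10:00:02 10.0.0.5 http://www.reddit.com/search?q=a1b2c3d4e5f60718
2014-09-26T10:01:40 10.0.0.9 http://www.reddit.com/search?q=minecraft+servers
2014-09-26T10:05:03 10.0.0.5 http://www.reddit.com/search?q=a1b2c3d4e5f60718
2014-09-26T10:07:15 10.0.0.7 http://www.reddit.com/search?q=a1b2c3d4e5f60718
2014-09-26T10:08:30 10.0.0.8 http://example.com/search?q=a1b2c3d4e5f60718
2014-09-26T10:10:01 10.0.0.5 http://www.reddit.com/search?q=a1b2c3d4e5f60718
2014-09-26T10:12:00 10.0.0.9 http://www.reddit.com/search?q=deadbeef
2014-09-26T10:15:04 10.0.0.5 http://www.reddit.com/search?q=a1b2c3d4e5f60718
"""

HEX16 = re.compile(r"^[0-9a-fA-F]{16}$")  # 8 bytes written as hex = 16 characters

def parse_hit(line):
    """Return (client, time) for a reddit.com search with a 16-hex query, else None."""
    ts, client, url = line.split()
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host != "reddit.com" and not host.endswith(".reddit.com"):
        return None
    query = parse_qs(parts.query).get("q", [""])[0]  # "q" is an assumed parameter name
    if not parts.path.startswith("/search") or not HEX16.match(query):
        return None
    return client, datetime.fromisoformat(ts)

def find_beaconing(log_text, interval=300, tolerance=30, min_hits=3):
    """Flag clients whose matching searches recur at roughly five-minute gaps."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_hit(line) if line.strip() else None
        if hit:
            hits[hit[0]].append(hit[1])
    flagged = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_hits and all(abs(g - interval) <= tolerance for g in gaps):
            flagged[client] = len(times)
    return flagged

if __name__ == "__main__":
    print(find_beaconing(SAMPLE_LOG))
```

A single 16-hex search (as from 10.0.0.7 in the sample) is not flagged on its own; the regular interval is what separates the described behaviour from a one-off human search.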

Once the infected computers have connected, hackers use the botnet to run spam campaigns, bombard websites with traffic until they crash, and spread more malware.

The malware is suspected to have been created using C++ and Lua.

The infected computers are not currently being used in attacks, indicating that the attackers are growing the network to increase the scale of the attack.

Security watcher Graham Cluley's blog noted that Reddit will not be able to stop the attacks by shutting down the accounts that communicate with the botnet, because doing so will only result in the creation of new accounts and the use of alternative services to communicate with the infected devices.
This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.