“Doctor Web” found a botnet of 17,000 Mac computers




“Doctor Web” announced the discovery of a complex multi-purpose backdoor for Mac OS X. The malware has been added to the virus database under the name Mac.BackDoor.iWorm. The program lets attackers execute a wide range of commands on infected Macs. According to the company, more than 17,000 Mac computers are infected with the Trojan.


On first launch, Mac.BackDoor.iWorm stores its configuration data in a separate file and tries to read the contents of the /Library folder to get a list of installed applications, “Doctor Web” specialists said. If the “undesirable” directory cannot be found, the bot uses several system functions to obtain the name of the home folder of the OS X user under whose account it was launched, checks that folder for its configuration file, and writes there the data it needs to operate. Mac.BackDoor.iWorm then opens a port on the infected computer and waits for incoming connections, sends a request to a remote Internet resource, and waits for commands to execute.

The Trojan attempts to connect to the command servers, going through the first 29 addresses from the resulting list in random order and sending requests to each of them. Requests for a new list are repeated every 5 minutes.

While establishing a connection to a control server, whose address is selected from the list using a special algorithm, the Trojan checks whether that address has been added to its exclusion list, and exchanges with the server a special set of data that is used, through a series of complex mathematical transformations, to verify the authenticity of the remote host. If the check succeeds, the bot sends the remote server the number of the port opened on the infected computer and its unique identifier, then waits for control commands.


Mac.BackDoor.iWorm can execute two types of commands: various directives that depend on the incoming binary data, or Lua scripts.
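One way to hunt for the list requests repeated every 5 minutes, shown as an added example that is not from “Doctor Web” or the original article: it flags source/destination pairs in flow records that recur at a steady 300-second interval. The log format, host names, tolerance and minimum request count are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records (not real telemetry): "epoch_seconds src_ip dst_host"
SAMPLE_LOG = """\
1000 10.0.0.5 list.example.test
1003 10.0.0.5 198.51.100.7
1004 10.0.0.5 198.51.100.9
1299 10.0.0.5 list.example.test
1302 10.0.0.5 198.51.100.21
1601 10.0.0.5 list.example.test
1900 10.0.0.5 list.example.test
1040 10.0.0.8 news.example.test
1100 10.0.0.8 news.example.test
1900 10.0.0.8 news.example.test
2950 10.0.0.8 news.example.test
"""

def parse(log):
    """Group timestamps by (source, destination) pair."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing
        seen[(parts[1], parts[2])].append(int(parts[0]))
    return seen

def find_beacons(log, period=300, tolerance=15, min_requests=4):
    """Return {(src, dst): median_gap} for pairs contacted at a steady period.

    period=300 matches the 5-minute list refresh described in the article;
    tolerance and min_requests are assumed tuning values.
    """
    hits = {}
    for pair, times in parse(log).items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Every gap must sit near the period, so irregular browsing is ignored.
        if all(abs(g - period) <= tolerance for g in gaps):
            hits[pair] = median(gaps)
    return hits

if __name__ == "__main__":
    for (src, dst), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: steady {gap}s interval")
```

Requiring every gap to match is strict; on real telemetry with dropped records, a threshold on the share of matching gaps is the usual relaxation.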

Statistics collected by “Doctor Web” show that at the end of September the botnet created by the attackers using Mac.BackDoor.iWorm contained 17,658 IP addresses of infected devices. The largest number, 4610 (26.1% of the total), were in the United States; Canada was second with 1235 addresses (7%); and the United Kingdom was third with 1227 identified IP addresses of infected computers (6.9%).
