Tuesday, October 7, 2014

Over 17000 Mac Machines Affected by 'iWorm' Botnet Malware


A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned.

According to a survey of traffic conducted in September by researchers at Dr.Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet, which creates a backdoor on machines running OS X. Researchers say almost a quarter of the machines in the iWorm botnet are located in the US.
The most interesting thing to notice about this botnet is that it uses the Reddit search service, looking up posts to a Minecraft server list subreddit, to collect the IP addresses for its command and control (CnC) network.

Though the researchers did not mention how Mac.BackDoor.iWorm spreads, they shared that the "dropper" program of the malware installs it in the Library directory within the affected user's account home folder, disguised as an Application Support directory for "JavaW", and sets it to autostart.
Once a Mac has been infected, the software establishes a connection with the command and control server. The backdoor on the user's system can be used to receive instructions in order to perform a variety of tasks, from stealing sensitive information to receiving or spreading other malicious software. It could also change configuration or put a Mac to sleep.

"Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically," the company added.
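A defender can check for the persistence described above by looking for launchd jobs that execute anything from the reported JavaW directory. The following is an added example, not code from Dr.Web or the original post; the launchd directories scanned are the standard OS X locations (an assumption, since the page does not say where the p-list file is written), and the only indicator used is the install path quoted above.

```python
import plistlib
from pathlib import Path

# Install path reported in the Dr.Web quote. As a substring it also matches
# the per-user variant (~/Library/Application Support/JavaW).
MARKER = "/Library/Application Support/JavaW"

# Standard launchd job locations (assumption: the page does not name the
# directory the dropper writes its plist to, so all three are scanned).
LAUNCH_DIRS = [
    Path("/Library/LaunchDaemons"),
    Path("/Library/LaunchAgents"),
    Path.home() / "Library/LaunchAgents",
]


def job_command(job):
    """Return the command line a launchd job would execute, as strings."""
    argv = []
    if isinstance(job.get("Program"), str):
        argv.append(job["Program"])
    args = job.get("ProgramArguments")
    if isinstance(args, list):
        argv.extend(a for a in args if isinstance(a, str))
    return argv


def find_suspicious_jobs(launch_dirs=LAUNCH_DIRS, marker=MARKER):
    """Return (plist_path, argv) for launchd jobs that run code from marker."""
    hits = []
    for directory in launch_dirs:
        if not directory.is_dir():
            continue
        for plist_path in sorted(directory.glob("*.plist")):
            try:
                with plist_path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
            except Exception:
                continue  # unreadable or malformed plist: skip it
            if not isinstance(job, dict):
                continue
            argv = job_command(job)
            if any(marker.lower() in part.lower() for part in argv):
                hits.append((plist_path, argv))
    return hits


if __name__ == "__main__":
    for candidate in (Path(MARKER), Path.home() / MARKER.lstrip("/")):
        if candidate.exists():
            print(f"install directory present: {candidate}")
    for path, argv in find_suspicious_jobs():
        print(f"launchd job {path} runs {argv}")
```

A hit is a lead for investigation, not a verdict: confirm it against the vendor's own indicators before acting on it.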

Mac.BackDoor.iWorm is likely to send spam emails, flood websites with traffic, or mine bitcoins. Most of the compromised machines are located in the US. Canada ranked second, with 1,235 compromised addresses, followed by the United Kingdom with 1,227 addresses, and the rest are in Europe, Australia, the Russian Federation, Brazil and Mexico.

Tuesday, September 16, 2014

Treasure Map - Five Eyes Surveillance Program to map the entire Internet

The National Security Agency and the Government Communications Headquarters were able to access numerous telephone companies in order to "map the entire Internet - any device, anywhere, all the time".

As reported by a German journalist, based on a set of leaked documents provided by the notorious whistle-blower Edward Snowden, the five biggest intelligence agencies of the world have been working together to get an almost real-time visualization of the global internet as part of this NSA surveillance program.



This program, picked up after the end of the Cold War, includes not only large chunks of data but also information from every single device that is connected to the internet anywhere in the world, from a simple desktop computer to a smartphone.

As quoted by the reporter:
"[The program aims] to map the Internet, and not just the large traffic channels, such as telecommunications cables. It also seeks to identify the devices across which our data flows, so-called routers. [The program] allows for the creation of an ‘interactive map of the global Internet’ in ‘near real-time.’"

US officials claimed that the program was only used to map foreign and US Defence Department networks.

Source: TheHackerNews