A Russian company claims to have identified about 17,000 Macs infected with malware used to send spam or perform DDoS attacks. Doctor Web, the Russian security company, said there are about 17,000 machines in the Mac world carrying a piece of malware called "Mac.BackDoor.iWorm", a backdoor that would allow an attacker to take control of the user's machine.
The malware is exploited without the user's knowledge to create a botnet, in other words a network of machines controlled by a single entity, used for example to send spam or carry out distributed denial-of-service (DDoS) attacks.
It is unclear how the malware has spread, but problems of this kind normally arise when applications are downloaded from untrusted sources and the user supplies a user name and password during installation. At the time of writing, Apple has not yet updated XProtect, the anti-malware signature database built into OS X that automatically stops the execution of malicious applications.
The malware was written in C++ and Lua (a programming language) and makes "intensive" use of encryption routines. During setup it extracts its files to Library/Application Support/javaw, generates a plist file and automatically activates the backdoor at startup. The system opens a listening port and waits for instructions from the control server. It seems that the mechanism acquires the list of control servers from reddit.com.
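
A defender's check for the artifacts described above, as an added example (not code from Doctor Web or the original article): it looks for a javaw directory under Library/Application Support and for launchd plists that start a program from it. The launchd directories and the function names are assumptions, since the article does not name the plist or say where it is written.

```python
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

# Install directory named in the article. Compared case-insensitively because
# the default OS X filesystem is case-insensitive.
MARKER = "library/application support/javaw"
# Standard launchd locations (assumption: the article does not say which one
# the generated plist is written to).
LAUNCHD_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")


def launch_command(plist_path):
    """Return the command line a launchd plist runs, or None if unparseable."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(data, dict):
        return None
    parts = [data.get("Program")] + list(data.get("ProgramArguments") or [])
    return [str(p) for p in parts if p]


def scan(root="/"):
    """Return (kind, path) findings for the artifacts under one root."""
    root = Path(root)
    findings = []
    support = root / "Library" / "Application Support"
    if support.is_dir():
        for entry in sorted(support.iterdir()):
            if entry.is_dir() and entry.name.lower() == "javaw":
                findings.append(("install_dir", str(entry)))
    for rel in LAUNCHD_DIRS:
        folder = root / rel
        if not folder.is_dir():
            continue
        for plist in sorted(folder.glob("*.plist")):
            cmd = launch_command(plist)
            if cmd and any(MARKER in part.lower() for part in cmd):
                findings.append(("launchd_plist", str(plist)))
    return findings


if __name__ == "__main__":
    # Check the system-wide Library and the current user's Library.
    hits = scan("/") + scan(Path.home())
    for kind, path in hits:
        print(f"{kind}: {path}")
    sys.exit(1 if hits else 0)
```

A hit is a lead to investigate, not a verdict: confirm against the vendor's published indicators before removing anything.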