Mac Botnet Spread Via Reddit And Pirated Software

Dr. Web, an antivirus company based in Russia, has reported a botnet that has affected over 17,000 Mac computers. The malware, Mac.BackDoor.iWorm, compromises the security of a computer’s files and allows cybercriminals to install additional malware. According to the Dr. Web report, the United States has the most infected computers, followed by Canada and the United Kingdom, and the threat was initially spread through a Reddit forum dedicated to Minecraft server lists.

Apple has responded by updating its XProtect system to address the new security threat. This is the anti-malware system that runs behind the scenes on computers with Mac OS X. XProtect first appeared on computers back in 2009, when Apple slipped it into a Snow Leopard update. When Apple first launched this security system, Sophos Labs released a detailed tear-down of how this service protects Mac computers. XProtect is not a software application that can just be launched or configured by users. It comes built into the operating system. If a trojan or other security breach compromises your computer’s security, then an alert appears prompting users to take additional action. The alert is characterized by a bright red exclamation point icon, and users are encouraged to eject the installation disk.

The latest OS X update addresses the iWorm issue by updating the XProtect definition list, so it’s extremely important to update your operating system to keep your Mac computer from being at risk for the iWorm malware. You can run a system update by clicking on the Apple menu icon and clicking “Software Update.”

If you’re worried that your computer is infected with the iWorm malware, an unofficial Mac security blog called The Safe Mac has written extensive instructions on how to identify the threat and remove it from your computer. They explain that the iWorm botnet infects Mac computers by hiding in a malicious Application Support folder called “JavaW.” You can quickly check if your system has this folder by visiting the Application Support folder in the Library directory, and then looking for “JavaW.” According to The Safe Mac, “If a Finder window opens showing the contents of this folder, you are infected.”

If your computer hasn’t been infected by the iWorm malware, then you can explore proactive DIY alerts designed by app developer Jacob Salmela and highlighted by Ars Technica. The “roll your own” defense created by Salmela involves alert scripts that run whenever certain directories are modified. So if iWorm attempts to install itself onto your computer, you will receive an instant Folder Action Alert, prompting you to allow or stop the items from being added to these folders. This can be a quick and easy way to prevent the malware from infecting your computer.
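The “JavaW” folder check and the alert-on-modification idea described above can both be scripted from Terminal. The following is an added example, not code from The Safe Mac, Salmela or Ars Technica: it uses a saved baseline listing rather than Folder Actions, and both the watched folder list and the choice of the system-wide /Library are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). ROOT is a prefix so the checks can run
# against a test tree; "" means the live system, i.e. /Library/... (assumed to be
# the system-wide Library, which the article does not specify).
export LC_ALL=C   # keep sort and comm ordering consistent

# Succeed if the "JavaW" folder named in the article exists under ROOT.
has_javaw() {
    [ -d "$1/Library/Application Support/JavaW" ]
}

# Print a sorted "folder/item" line for every entry in the watched folders.
# The two Launch* folders are an assumed watch list, not taken from the article.
snapshot() {
    root=$1
    for d in "Library/LaunchAgents" "Library/LaunchDaemons" \
             "Library/Application Support"; do
        [ -d "$root/$d" ] || continue
        ls -A "$root/$d" | sed "s|^|$d/|"
    done | sort
}

# Print items present now that are missing from the saved baseline file.
new_items() {
    baseline=$1
    snapshot "$2" | comm -13 "$baseline" -
}

# Usage: script baseline FILE   (record the current state)
#        script check FILE      (report JavaW and anything added since)
case "${1:-}" in
    baseline) snapshot "" > "$2" ;;
    check)
        if has_javaw ""; then echo "WARNING: JavaW folder present"; fi
        new_items "$2" "" ;;
esac
```

Record the baseline on a system you believe is clean, then run the check on a schedule; any line it prints is an item that appeared after the baseline was taken.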

Current Mac users can reduce their risks by updating their operating systems to the latest version provided by Apple and by avoiding pirated software installations. Since pirated software packages do not come directly from the manufacturer, users open their systems up to a host of potential threats and viruses.