Apple and Reddit Shut Down the iWorm Botnet

Last week, a Russian security firm discovered that over 17,000 Mac computers had been infected with malicious software called iWorm, which connected infected devices to a botnet by using Reddit to unearth links to command servers. This weekend, both Apple and Reddit took measures that rendered the software ineffective.

Apple updated its XProtect software to add iWorm to its list of blocked programs.

Meanwhile, Reddit banned the fake Minecraft subreddit that the hackers were using to connect the infected computers to the botnet.


It appears this botnet was defanged before the hackers could use it for anything nefarious, but it's disturbing that its creators hooked into so many computers before it got shut down. [Business Insider]

Hackers Are Using Reddit to Connect 17,000 Macs to a Botnet

Bad news for Mac users: You're at risk from insidious malware that will connect your computer to a botnet.

Hackers have developed a backdoor called "Mac.BackDoor.iWorm" that gains access to Macs and uses Reddit to connect the hacked computer with a command server. Once the computer is infected, iWorm uses Reddit's search function to hunt down posts made by the hackers. These posts (on a Minecraft subreddit) provide server addresses, and the software uses them as a guide to connect to the botnet.


This gives the hackers the option of using the infected computers for a variety of bad deeds, like hitting a website with a DDoS attack or spamming the shit out of people.

It's not clear yet how they infect the Mac in the first place, but researchers for Doctor Web estimate that most of the infected Macs are in the United States.

There's no evidence that any of the estimated 17,658 infected Macs are actively being used by the hackers, so that's good. But the attackers still managed to gain access to a large number of computers, and they may simply be quietly growing the network until it's large enough to execute something big.


To avoid infection, it's smart to keep your software updated (it's also just smart to keep your software updated in general). MacExperience also recommends that you set Gatekeeper so it only runs digitally signed apps from the App Store, and that you put a password on your computer and keep access to Admin accounts at a minimum. All common-sense stuff, but considering people keep making their passwords "password," it's worth a reminder.

I emailed Apple to ask if its security team is aware of the issue and will update if I hear back. [Dr. Web via Business Insider]

