Apple tries to kill iWorm: Zombie botnet feasting on Mac brains

Updates XProtect


Apple has updated its XProtect anti-malware system to squash several variants of the iWorm before the malware causes any further damage.

The changes to the program XProtect.plist allows OSX to detect and block three species of iWorm, helpfully named OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C.

XProtect is Apple's rudimentary malware squisher and the update should be carried out automatically.

Sadly, those who thought iWorm was just a Cupertino-based dance craze were disappointed when it appeared on the scene last week.

It works by creating a backdoor on machines running OS X, and had soon amassed a zombie network made up of more than 17,000 compromised machines, Russian antivirus firm Dr Web claimed.

The bad guys behind iWorm were using comments posted on Reddit as a map by which they steer infected machines towards command-and-control servers.

"Reddit isn't spreading the infection – it's simply providing a platform that is helping the botmasters communicate with the Mac computers they have managed to infect," explained veteran security bod Graham Cluley.

Have you danced with the iWorm? Get in touch and let us know. ®


Keep Reading

Biting the hand that feeds IT © 1998–2021