In October 2014, the antivirus software company Dr. Web announced that it had uncovered a new piece of malware. The malicious software, which Dr. Web called “iWorm,” had infected over 18,500 computers as of September 29. The majority of these computers were located in the US, Canada, Western Europe, and Australia.
iWorm Malware Details
Hackers are believed to have spread the virus by posting infected files on a website offering pirated versions of popular software. After infecting a machine, iWorm searched through the computer’s Library directory in order to figure out which applications to avoid. It then wrote permissions for itself in a configuration file, opened a port and waited for a request from the hackers.
The virus is particularly noteworthy because it used the search feature at reddit.com, a popular social networking service and news website, in order to retrieve a list of command and control servers. Hackers could use these servers to take control of multiple computers.
Large groups of infected computers like these are referred to as botnets. They can be used to crash websites and send massive amounts of spam emails. The virus also had the ability to steal personal information from its victims.
The hackers used encryption techniques that prevent IT security experts from determining all of the details about how iWorm was used. However, it appears that the virus was discovered before it could do any major damage.
In response to the new threat, Apple updated XProtect, the antivirus program built into its operating system. Three iWorm variants were added to the program’s list of viruses. In addition, Reddit shut down the “Minecraftserverlists” board that was used by the hackers to communicate with the infected computers.
Apple Insider has said that it is likely that the hackers were using another server list through a different search service, although a second server list has yet to be discovered.
Other Threats Facing Mac Users
This is not the first time that Apple has been forced to update its XProtect antivirus software. In 2011, it used XProtect against the MacDefender malware, which was a fake antivirus program targeting Mac users. Apple also used XProtect to defend against the Mac Flashback Trojan, which eventually infected approximately one million computers.
A commonly held belief among Mac users is that they do not need third-party antivirus programs. In the past, this belief was supported by the fact that hackers rarely targeted Macs. Since Windows-based computers were more prevalent than Macs, many cyber criminals felt that it was more cost-effective to focus on them. As a result, Macs were rarely attacked.
However, in recent years, Apple has grown in popularity, and this growth has prompted more attacks. These security breaches have underscored the need for third-party antivirus tools. Mac users can no longer afford to be lax about security.
Security Best Practices
Antivirus software can stop users from making mistakes like downloading apps that have hidden viruses or spyware. In addition to installing and maintaining an antivirus program, people should also make sure to use standard cyber security precautions and best practices.
Users should ensure that their Mac Firewall is both running and up to date. They should only download programs from recognized sources, and only open emails that they are expecting or that were sent by people they know. Mac users should also consider denying websites access to plug-ins, as they can be vulnerable to certain attacks.
The Mac’s growing popularity has made it an appealing target for hackers. This has resulted in the spread of malware like iWorm. In order to counter this threat, people should use an antivirus program and maintain IT best practices. For more information about cyber security, contact the Total Cover IT Team.