Thousands of Macs have been infected with Reddit-controlled botnet malware

Justin Kahn



Security researchers at Dr. Web believe they have uncovered a botnet campaign that has already infected more than 17,000 Macs worldwide. The Russian research team that spotted the malware calls it Mac.BackDoor.iWorm; unfortunately, it has yet to release details on exactly how the bot is spreading.

As with any machine enrolled in a botnet, the infected Macs are fully exposed: the operators can steal private information from them and push further malware onto them at will.

The attackers use an unusual method of steering the botnet. Rather than hard-coding command-and-control (C&C) addresses into the bot, they use Reddit as a dead drop that infected systems consult to find their controllers:

It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and — as a search query — specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

Once installed, the bot searches Reddit for the page carrying the current list of C&C servers and connects to one of them. From there the infected machines can be tasked as a group, for example to run denial-of-service attacks or brute-force password guessing.
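To make the dead-drop lookup concrete, here is an added Python example that is not Dr. Web's code and not the malware's. It reproduces the scheme the quoted paragraph describes from both ends: it derives the day's 16-hex-character search term (the first 8 bytes of an MD5 over the date), and it pulls host:port pairs out of comment bodies the way the bot must, discarding malformed entries. The page does not say how the bot formats the date before hashing, so the ISO YYYY-MM-DD string is an assumption and is simply passed in; the comment text and the addresses in it are constructed, documentation-range placeholders.

```python
import hashlib
import re
from datetime import date, timedelta

# Constructed sample comment bodies, in the shape the Dr. Web quote describes:
# C&C entries posted as comments under the dead-drop account. The addresses
# are RFC 5737 documentation ranges, not real servers. Two entries are
# deliberately malformed (bad octet, bad port) to exercise the filter.
SAMPLE_COMMENTS = [
    "192.0.2.10:443\n198.51.100.7:8080",
    "nice minecraft server list, thanks",
    "203.0.113.5:4444 (backup) 999.1.1.1:80 203.0.113.5:99999",
]

# host:port, not glued to surrounding digits or dots
CC_ENTRY = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})(?!\d)")


def daily_query(date_string):
    """Return the search term for one day: the first 8 bytes of
    MD5(date_string) as 16 lowercase hex characters, as Dr. Web describes.

    ASSUMPTION: the page does not state the date format the bot hashes;
    the caller supplies the string (ISO 8601 is used in this example).
    """
    digest = hashlib.md5(date_string.encode("ascii")).digest()
    return digest[:8].hex()


def query_window(end_iso, days):
    """Search terms for the `days` days ending on end_iso (newest first).
    Useful for hunting: a dead-drop post is keyed to the day it was made,
    so a defender searching today should also try the preceding days."""
    end = date.fromisoformat(end_iso)
    out = {}
    for i in range(days):
        d = (end - timedelta(days=i)).isoformat()
        out[d] = daily_query(d)
    return out


def extract_cc_servers(comment_bodies):
    """Pull (host, port) pairs out of comment text, in the order listed,
    without duplicates, skipping anything that is not a valid IPv4:port."""
    servers = []
    for body in comment_bodies:
        for host, port in CC_ENTRY.findall(body):
            octets = [int(o) for o in host.split(".")]
            port = int(port)
            if max(octets) > 255 or not 1 <= port <= 65535:
                continue
            if (host, port) not in servers:
                servers.append((host, port))
    return servers


if __name__ == "__main__":
    today = date.today().isoformat()
    print("today's dead-drop search term:", daily_query(today))
    print("last 3 days:", query_window(today, 3))
    print("servers in sample comments:", extract_cc_servers(SAMPLE_COMMENTS))
```

The same derivation is what gives a defender a handle on this design: the search term is fully predictable from the calendar, so anyone can compute the terms for the past week, look for posts and comments that match, and feed the extracted host:port pairs into a block list or an egress-traffic alert.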

Reddit itself is not at fault here, and shutting down the account or the posts would only push the attackers to new ones. Nor is there any indication that the infection spreads through Reddit; how it spreads is still unknown. Dr. Web says the US is hit hardest, with as many as 4,600 infected systems, followed by the UK and Canada.

The malware appears to be tied to Java in name at least: it installs into a folder called JavaW, which Dr. Web's report places under /Library/Application Support. Checking for that folder is currently the simplest way to tell whether a Mac is infected. There is no removal tool yet; if you find the folder, wipe the Mac and reinstall from scratch rather than waiting, while still infected, for further instructions to appear online. Additional details can be found on the Dr. Web site.
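The following Python check is an added example, not a tool from Dr. Web or from the article. It performs the folder check recommended above and goes one step further: besides looking for the JavaW folder under /Library/Application Support (the location Dr. Web's report gives), it scans the system launchd directories for any plist that references that folder, since a backdoor that survives a reboot needs a launch item. The `root` parameter lets the same check run against a mounted image of a suspect disk. The sample tree built by `make_sample_tree` is constructed for trying the check offline; the plist name it uses is illustrative and is not given on this page.

```python
import plistlib
import tempfile
from pathlib import Path

# Indicator locations, relative to `root` so the check works on a live
# system (root="/") or on a mounted image of a suspect disk.
JAVAW_DIR = "Library/Application Support/JavaW"   # per Dr. Web's report
LAUNCH_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")


def _plist_mentions_javaw(plist_path):
    """True if a launchd plist's Program or ProgramArguments reference the
    JavaW folder. If the plist does not parse, fall back to a raw search."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:
        return b"JavaW" in plist_path.read_bytes()
    if not isinstance(data, dict):
        return False
    candidates = [data.get("Program", "")] + list(data.get("ProgramArguments", []))
    return any("JavaW" in str(c) for c in candidates)


def iworm_indicators(root="/"):
    """Return human-readable findings; an empty list means nothing found."""
    root = Path(root)
    findings = []
    javaw = root / JAVAW_DIR
    if javaw.exists():
        findings.append(f"folder present: {javaw}")
    for rel in LAUNCH_DIRS:
        launch_dir = root / rel
        if not launch_dir.is_dir():
            continue
        for plist in sorted(launch_dir.glob("*.plist")):
            if _plist_mentions_javaw(plist):
                findings.append(f"launch item references JavaW: {plist}")
    return findings


def make_sample_tree(infected):
    """Build a constructed directory tree in a temp folder for trying the
    check offline. This is not a capture from a real infected Mac; the
    com.JavaW.plist name is illustrative."""
    base = Path(tempfile.mkdtemp(prefix="iworm-demo-"))
    daemons = base / "Library/LaunchDaemons"
    daemons.mkdir(parents=True)
    with open(daemons / "com.example.backup.plist", "wb") as fh:
        plistlib.dump({"Label": "com.example.backup",
                       "ProgramArguments": ["/usr/bin/true"]}, fh)
    if infected:
        (base / JAVAW_DIR).mkdir(parents=True)
        with open(daemons / "com.JavaW.plist", "wb") as fh:
            plistlib.dump({"Label": "com.JavaW",
                           "ProgramArguments": [str(base / JAVAW_DIR / "JavaW"), "-s"],
                           "RunAtLoad": True}, fh)
    return base


if __name__ == "__main__":
    hits = iworm_indicators("/")
    print("\n".join(hits) if hits else "no Mac.BackDoor.iWorm indicators found")
```

Run it as a user who can read /Library/LaunchDaemons (any local user on a default install). A hit on the launch item without the folder, or vice versa, is still worth treating as an infection: it can mean a partial clean-up, which is exactly why the article's advice to wipe rather than delete is sound.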

Reddit is at no fault here apparently, and shutting down these pages/accounts would simply cause the attackers to move shop or create new ones.

Yes, but I think a lawyer out there should try and sue Reddit for about 100M, I mean, this only makes sense, right? You could potentially find this information using Reddit, so they must be held reliable.
 
So Reddit could shut down these pages to inconvenience the hackers, but would rather not because it's not really their problem... How about blocking the source of the attack from accessing your pages? That could be a start. What about the fact that you're hosting these pages which contain harmful information; is that no better than a torrent site hosting a tracker? Well, I have two things to be grateful for at least: 1, I don't have a Mac and, most importantly, 2, I don't go on Reddit. No surprise the US and Canada have the most infected systems; they are the countries with the largest populace with disposable Internet time. Then again, most time spent on the Internet is wasted time, so what I'm doing isn't much better.
 
Don't have the folder. Does this mean I'm not special anymore?
 

How about taking some basic security measures to protect yourself online?
 

A botnet can be C&C'd from anything, including Apple's website; you wouldn't shut down Apple because someone uses it differently than you would expect. 2: disposable income, not time.
 
As with almost all of these things, it isn't some exploit in the system, it is an exploit of the user. You have to download something unsavory, bypass Gatekeeper, and give it admin privs....[ ]....
With that having been said, it certainly seems to validate a great deal of the rude things we say about Mac users....:D (Sorry, that was too good to resist. Like a high hanging curve ball)
 
This must be a fake report because Apple computers don't get viruses or can't be hacked.
KNOCK KNOCK --Wake up, *ANY* system can be hacked but the issue is usually insufficient targets (in this case Mac OS X) to make it worthwhile.
 
Hah childish comments here, some people need to change the record!

So the suggestion is that a pirated copy of photoshop might be to blame. People download it, to run it requires accepting that it is allowed to be let through gatekeeper, and also to make changes which require the admin username/password.

At this point it writes files into /Library.

Error between keyboard and chair unfortunately. Have seen this sort of problem on every platform with dodgy pirated software but worth hearing about to make people realise you can't trust everything in the pirate bay etc
 

Miss sarcasm much? The point of the first poster was some/most Apple users claim their OS is superior because it is immune to viruses or it cannot be hacked.
 