Researchers at security firms ESET and Sophos have discovered that hackers have ported an old Linux backdoor Trojan to Apple's Mac OS X platform in an effort to expand the reach of their botnets. The new Trojan, named Tsunami, is derived from the old Linux Trojan Kaiten, which worked in an almost identical manner. Early speculation suggests it is a distributed denial-of-service (DDoS) tool, although security firms are still investigating.
"As you can see by the portion of OSX/Tsunami's source code that I have reproduced below, the bash script can be given a variety of different instructions and can be used to remotely access an affected computer," said Graham Cluley of Sophos in a post on the firm's website.
Once it is running on the host machine, the Trojan connects to an IRC channel and awaits further commands from the hackers. They can then use the combined connections of all the computers in the botnet to flood servers with requests, taking them down in DDoS attacks. The hackers can also download files to the infected computer so that the Trojan can update itself or install additional malware, and the backdoor gives them complete control of the host machine to execute any command they choose.
"Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is non-existent," said Cluley of Sophos. He also reminded OS X users that participating in a DDoS attack is illegal, whether it is intentional or not, and that you certainly would not want anyone else having remote control of your computer.