Threat Against Apple Mac OS X Spotted

Jay Decenella, IT audit expert
October 28, 2011

Security firm ESET has spotted a new threat against the Apple Mac OS X platform. It is closely related to a threat the firm previously revealed, but with slight differences.

The latest threat implements persistence on an infected system. It also has updated command and control information.

The threat also turns the infected machine into a bot for Distributed Denial of Service (DDoS) attacks, lets a remote user download files such as additional malware or updates to the Tsunami code, and executes shell commands, thereby giving the attacker control of the affected machine.

Dubbed “OSX/Tsunami.A,” the latest threat copies itself onto the computer and then creates a file whose contents ensure the malicious binary is started after each reboot.
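The article does not name the startup file, but on Mac OS X the standard way for a file to make a binary run after each reboot is a launchd property list in the LaunchDaemons or LaunchAgents folders. The following audit script is an added example for defenders (not ESET's code or anything from the article): it parses launchd plists, reports which ones start a program at boot or login, and flags entries whose program lives outside the usual system and application paths or inside a hidden directory. The two plists and the program paths in them are constructed samples; the trusted-path prefixes are an assumption for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumed set of locations where persistent programs are normally expected.
# This is a heuristic for illustration, not an authoritative allow-list.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")

# Constructed sample plists (not real indicators): one benign-looking entry
# and one that starts a binary from a hidden directory under /Users/Shared.
SAMPLE_PLISTS = {
    "com.example.benign.plist": """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.benign</string>
  <key>ProgramArguments</key>
  <array><string>/usr/libexec/example-helper</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
""",
    "com.example.suspect.plist": """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.suspect</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/.cache/example-agent</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
""",
}


def program_of(plist):
    """Return the executable a launchd job runs: ProgramArguments[0] or Program."""
    args = plist.get("ProgramArguments")
    if args:
        return args[0]
    return plist.get("Program")


def audit_plist(path):
    """Parse one launchd plist and decide whether its persistence looks unusual."""
    with open(path, "rb") as f:
        data = plistlib.load(f)
    prog = program_of(data)
    run_at_load = bool(data.get("RunAtLoad", False))
    keep_alive = data.get("KeepAlive", False)
    # KeepAlive may be a bool or a dict of conditions; either means "restart me".
    keep_alive = bool(keep_alive) if not isinstance(keep_alive, dict) else True
    in_hidden_dir = prog is not None and any(
        part.startswith(".") for part in Path(prog).parts if part != "/"
    )
    untrusted_path = prog is not None and not prog.startswith(TRUSTED_PREFIXES)
    suspicious = run_at_load and (untrusted_path or in_hidden_dir)
    return {
        "file": Path(path).name,
        "label": data.get("Label"),
        "program": prog,
        "run_at_load": run_at_load,
        "keep_alive": keep_alive,
        "suspicious": suspicious,
    }


def audit_directory(directory):
    """Audit every *.plist in a directory; unparsable files are reported, not skipped."""
    results = []
    for p in sorted(Path(directory).glob("*.plist")):
        try:
            results.append(audit_plist(p))
        except Exception as exc:  # malformed plist is itself worth a look
            results.append({"file": p.name, "label": None, "program": None,
                            "run_at_load": False, "keep_alive": False,
                            "suspicious": True, "error": str(exc)})
    return results


def demo():
    """Write the constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_PLISTS.items():
            (Path(tmp) / name).write_text(body)
        return audit_directory(tmp)


if __name__ == "__main__":
    # On a real system point audit_directory at /Library/LaunchDaemons,
    # /Library/LaunchAgents and ~/Library/LaunchAgents instead of the demo dir.
    for entry in demo():
        flag = "SUSPICIOUS" if entry["suspicious"] else "ok"
        print(f"{flag:10} {entry['file']}: {entry['program']}")
```

Path-based trust is only a triage heuristic: malware running as root can drop its plist and binary under a trusted prefix, so a real review should also verify the program's code signature and compare the plist set against a known-good baseline.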

Another difference detected in the new binary is a new command and control IRC server and IRC channel. IRC is a protocol designed for group communication in discussion forums, real-time chat and synchronous conferencing.

“Although the samples we have received come from two different countries on two different continents, our telemetry data still indicates that there are very few hosts infected with this malware,” said Pierre-Marc Bureau, a senior malware researcher at ESET.

“It is our belief that the people behind this threat are in the process of testing their creation.”

These people are allegedly adapting the code, originally written for Linux, to the OS X platform.

Bureau added: “We are still unaware of any specific infection vector for this threat. It can be installed manually by an attacker or in an automated way.”

ESET noted that the risk to Mac users is likely limited, as this threat does not have the sophistication or complexity of the TDL4 botnet or of Win32/Duqu, which closely resembles Stuxnet, a malicious computer program that targets Siemens Supervisory Control and Data Acquisition (SCADA) systems.

