The Russian anti-virus company Doctor Web has discovered a new security threat to OS X that has already been registered on 17 000 different IP addresses around the world. The threat, called Mac.Backdoor.Iworm, is so-called malware, that is, a small application that the user is tricked into installing and that can then carry out a wide variety of instructions on the computer.
It has not been determined with certainty how the malware is installed, but according to anonymous tips to the website The Safe Mac, it originates from illegal pirated copies of other programs downloaded via torrent sites such as The Pirate Bay. The program that secretly carries the malware places a folder named javaw in /Library/Application Support/ on the computer. This does not mean that Java is used; the name may simply be a way for the threat to hide.
Mac.Backdoor.Iworm is thus installed together with the other software that the user wants to install and therefore enters their administrator password for. The installation also creates what is known as a plist file, which can be seen as a file with information about how an app behaves on the computer. In this way the malicious program is kept running in the background and open to communication via the Internet.
The first thing that happens is that the malware searches the online forum Reddit for a page that contains a list of server addresses, and then calls one of these servers. Once the affected computer is connected, it becomes part of a large so-called botnet, a network of infected computers that can receive instructions and perform tasks.
See if you are affected:
The easiest way to check whether a computer is affected is to open the Go menu in the Finder, choose Go to Folder, and enter the address /Library/Application Support/javaw. If the computer beeps and a message says that the folder cannot be found, the malware is not on the computer. If the folder opens, the computer is infected.
In that situation, it is not certain that deleting the folder is enough, because the program may already have installed code and made changes elsewhere. Apple has, however, updated XProtect, the built-in protection that has existed in OS X since 10.6 Snow Leopard. XProtect now blocks three variants of Mac.Backdoor.Iworm, called OSX.Iworm.A, OSX.Iworm.B and OSX.Iworm.C.
XProtect is updated automatically, so nothing needs to be done on the user’s side. To check when the last change was made, navigate to /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources and look at the date on which the file XProtect.plist was last modified.
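The folder check and the XProtect date check described above can also be done from Terminal. The script below is an added example, not code from Doctor Web, Apple or The Safe Mac; its function names are hypothetical, and it assumes that the plist mentioned earlier sits in one of the standard launchd directories and references the javaw folder path.

```shell
#!/bin/sh
# Added example: read-only check for the indicators described in this article.
# Each function takes a root directory ("/" for the running system, or the
# mount point of another disk) so the same checks work on an offline volume.

IWORM_DIR='Library/Application Support/javaw'   # folder named in the article
XPROTECT='System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist'

# Succeeds if the javaw folder exists under the given root.
iworm_folder_present() {
    [ -d "${1%/}/$IWORM_DIR" ]
}

# Prints launchd plists that mention the javaw folder (assumption: the plist
# lives in a standard launchd directory and contains the folder path).
iworm_launchd_refs() {
    for d in Library/LaunchDaemons Library/LaunchAgents; do
        [ -d "${1%/}/$d" ] || continue
        grep -l -r -F 'Application Support/javaw' "${1%/}/$d" 2>/dev/null || true
    done
}

# Prints the last-modified time of XProtect.plist; fails if the file is absent.
xprotect_mtime() {
    f="${1%/}/$XPROTECT"
    [ -f "$f" ] || return 1
    # GNU stat first, then the BSD/macOS form.
    stat -c '%y' "$f" 2>/dev/null || stat -f '%Sm' "$f"
}

# Runs all checks and returns 1 if any indicator was found, 0 otherwise.
iworm_check() {
    root="${1:-/}"
    rc=0
    if iworm_folder_present "$root"; then
        echo "FOUND: ${root%/}/$IWORM_DIR"
        rc=1
    else
        echo "javaw folder not present"
    fi
    refs=$(iworm_launchd_refs "$root")
    if [ -n "$refs" ]; then
        echo "launchd plists referencing the javaw folder:"
        echo "$refs"
        rc=1
    fi
    if m=$(xprotect_mtime "$root"); then
        echo "XProtect.plist last modified: $m"
    else
        echo "XProtect.plist not found under $root"
    fi
    return $rc
}
```

Source the file and call `iworm_check` with no argument to inspect the running system; a non-zero exit status means at least one indicator was found.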
As general protection against such threats, installing illegally downloaded versions of software is not recommended.