Reddit Helps Botnet Recruit 17,000 Macs
Using a Mac and browsing Reddit are pretty safe activities, as far as online security goes, but “pretty safe” does not equal “riskless.” A new bit of Mac-centric malware has infected more than 17,000 computers, and its creators are employing Reddit to add even more systems to the ranks.
The information comes from Russian antivirus firm Doctor Web, which wrote about the threat in a news post. The malware in question is known as Mac.Backdoor.iWorm, and it has two functions: Steal personal information from Macs, then draft other computers into the botnet so that they can do the same.
Of the 17,000 infected machines, the largest percentage is in the United States, with about 4,600 compromised machines. The United Kingdom and Canada rank far behind, with about 1,200 apiece. The rest of the botnet machines are scattered more or less evenly throughout the developed world.
Despite the patently ridiculous “Macs don’t get viruses” rhetoric that gets thrown around on the Internet, a Mac botnet is not a terribly uncommon thing, and 17,000 machines is far from as bad as these things get. What makes this case interesting is the way the botnet uses Reddit to work its dark magic.
When it first infects a system, Mac.Backdoor.iWorm employs the Reddit search engine and a hexadecimal query in order to acquire a list of command-and-control botnet servers. Then the computer connects to one, and the Mac in question essentially belongs to the malefactors.
To be clear, the botnet is not taking advantage of anything that Reddit has done wrong, nor does contributing to Reddit put users at risk of contracting the malware. If anything, Reddit has built its search engine too well, as it returns sensible results even for hexadecimal queries. Macs may be less susceptible to infection than PCs, but that doesn’t mean you’ll be any less compromised if you get hit.
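For defenders, the Reddit lookup described above leaves a trace in web proxy logs. The following is an added example, not code from Doctor Web or from this article: it flags clients whose Reddit search term is entirely hexadecimal. The log format, the sample lines, the function names and the 12-character minimum are assumptions made for illustration, and full URLs are only visible to a proxy that inspects TLS.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines (timestamp, client, method, URL); not real traffic.
SAMPLE_LOG = """\
2024-01-15T09:14:07Z 10.0.4.21 GET https://www.reddit.com/search?q=mac+botnet
2024-01-15T09:14:31Z 10.0.4.37 GET https://www.reddit.com/search?q=9f3a1c0de4b87a25
2024-01-15T09:15:02Z 10.0.4.37 GET https://www.reddit.com/search?q=9F3A1C0DE4B87A25&sort=new
2024-01-15T09:15:40Z 10.0.4.58 GET https://www.reddit.com/search?q=deadbeef
2024-01-15T09:16:12Z 10.0.4.21 GET https://example.com/search?q=9f3a1c0de4b87a25
2024-01-15T09:16:55Z 10.0.4.58 GET https://www.reddit.com/r/apple/search?q=cafe
malformed line
"""

MIN_HEX_LEN = 12  # assumption: short hex-looking words ("cafe", "deadbeef") are too noisy
HEX_QUERY = re.compile(r"[0-9a-fA-F]+")

def is_reddit(host):
    host = (host or "").lower()
    return host == "reddit.com" or host.endswith(".reddit.com")

def hex_search_term(url):
    """Return the search term if url is a Reddit search whose whole query is hex."""
    parts = urlsplit(url)
    if not is_reddit(parts.hostname) or not parts.path.rstrip("/").endswith("/search"):
        return None
    for term in parse_qs(parts.query).get("q", []):
        term = term.strip()
        if len(term) >= MIN_HEX_LEN and HEX_QUERY.fullmatch(term):
            return term.lower()
    return None

def find_suspects(log_text):
    """Map client IP -> list of (timestamp, hex term) for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url = fields
        term = hex_search_term(url)
        if term:
            hits[client].append((ts, term))
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_suspects(SAMPLE_LOG).items():
        print(client, events)
```

A hit is a lead rather than a verdict: a person can search for a hash too, so repeated hex-only searches from the same Mac are the stronger signal.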
Source: Tom's Hardware