Protect Against Botnet Worm
The Russian antivirus vendor Dr. Web has reported the spread of a new botnet that exclusively targets Apple computers running Mac OS X. According to a survey of traffic conducted by researchers at Dr. Web, over 17,000 Macs worldwide are part of the Mac.BackDoor.iWorm botnet.
More worrying for me is one of the most curious aspects of the botnet: it uses a search of Reddit posts to a Minecraft server list subreddit to retrieve IP addresses for its command and control (CnC) network.
As my children live on Minecraft, I have searched for and found a simple solution that will at least alert me if the worm infects my iMac.
Get Alerted If Your Computer Gets Infected
It appears that the malware only gets installed via pirated software, so I should be OK. However, if the Mac.BackDoor.iWorm malware does get installed via pirated software, your computer becomes part of a botnet. While you may not be able to stop it from getting there, you can be alerted when it does and then take steps to manually neutralise it.
How To Set This Up
Enable Folder Actions
According to the research, this malware installs itself to the following three locations. However, if the first folder exists, you might already be infected. So, really, you will probably just need to monitor the LaunchDaemons and /private/var/root folders.
/Library/Application Support/JavaW
/Library/LaunchDaemons
/private/var/root/
- Right-Click on one of the folders listed above
- Choose ⟹ Folder Actions Setup…
- Highlight ⟹ add - new item alert.scpt
- Attach Script
- Repeat for each folder

If a new item gets added at any of these locations, you will get a pop-up alert. If it does happen, disconnect from the Internet and try to get rid of the malware.
This can be easily tested by copying an item within one of the protected directories which will result in the following message
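A command-line counterpart to the Folder Actions alert set up above, as an added example that is not from the original post: it records a baseline listing of each of the three folders and reports entries that appear later. The function names and the `STATE_DIR` location are assumptions, and reading `/private/var/root` requires root.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are the three from the post;
# STATE_DIR and all function names are assumptions made for this sketch.
WATCHED="/Library/Application Support/JavaW
/Library/LaunchDaemons
/private/var/root"
STATE_DIR="${STATE_DIR:-${TMPDIR:-/tmp}/folder-watch}"

# Per the post, the JavaW folder existing at all suggests an infection.
javaw_present() {
    [ -d "${1:-/Library/Application Support/JavaW}" ]
}

# Print the sorted entry names of a directory (nothing if it is missing).
list_dir() {
    [ -d "$1" ] || return 0
    ls -1A "$1" 2>/dev/null | LC_ALL=C sort
}

# Print entries of directory $1 that are absent from its saved baseline, then
# refresh the baseline. The first run only records the baseline.
new_items() {
    dir=$1
    mkdir -p "$STATE_DIR" || return 1
    base="$STATE_DIR/$(printf '%s' "$dir" | tr '/ ' '__').list"
    list_dir "$dir" > "$base.cur"
    if [ -f "$base" ]; then
        LC_ALL=C comm -13 "$base" "$base.cur"
    fi
    mv "$base.cur" "$base"
}

# Check every watched folder and print one "NEW: path/name" line per new item.
check_all() {
    printf '%s\n' "$WATCHED" | while IFS= read -r d; do
        new_items "$d" | while IFS= read -r name; do
            printf 'NEW: %s/%s\n' "$d" "$name"
        done
    done
}
```

Call `check_all` on a schedule as root, with `STATE_DIR` pointed at a directory only root can write, so the baseline cannot be edited by the thing it is meant to catch.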
