Backdoor:OSX/Iworm

Threat description

Details

CATEGORYMalware
TYPEBackdoor

Summary

Backdoor:OSX/Iworm connects affected Mac OS X machines to a botnet and is capable of a executing a range of commands. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.



Removal

Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.

Technical Details

Backdoor:OSX/Iworm is reportedly spread via pirated software downloads. Once present on a machine running the Mac OS X operating system, the malware installs a file in the Library directory and then connects to Reddit's search page.

An unusual feature of this malware and the botnet it connects to is that a specific subreddit was used to distribute the IP addresses of the botnet's command and control (C&C) servers to affected machines. The subreddit has since been cleared of this C&C-related data, and the account used to post the data was shut down.

If the affected machine does successfully connect to the botnet, it is able to carry out a range of instructions, including downloading a file, executing a system instruction and changing its own configuration file. At the time of writing, there have been no reports of the IWorm botnet being used for malicious activities.

Following public reports of the malware, Apple updated OS X's built-in XProtect component to include identification for this malware.

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

More Info