Posted on 10/03/2014 8:06:46 AM PDT by SeekAndFind
Criminals have discovered a flaw in OS X, the Mac operating system, and are using it to control thousands of Apple computers around the world.
The Russian security company Dr. Web first discovered the software, known as "Mac.BackDoor.iWorm." We don't yet know how the software spreads, but Dr. Web has released information on the clever way it connects to the criminals who control the program.
When a Mac is infected with Mac.BackDoor.iWorm, the program tries to make a connection to a command server. The iWorm reportedly uses Reddit's search function to find comments left by the criminals in a Minecraft discussion section of the site. (Minecraft is the block-building video game published by independent publisher Mojang, which Microsoft purchased for $2.5 billion in September.)
Here's a screenshot showing the Reddit posts the criminals used to control their hacked computers:
(Excerpt) Read more at businessinsider.com ...
Of course, it could. An OSX Mac is STILL a computer. It just has not happened in the 16 years since OSX was released in its first incarnation as a server version in 1998. There have been seven known computer virus candidates using various vectors, all failures. There are approximately fifty known Trojan horse programs in seven malware families, all of which the Operating System proactively prevents downloading, installing, or running by warning the user.
How many times have you been told this, for-q-clinton? How many times is it going to take before you quit posting the same negative things over and over?
Swordmaker's new ICD-10 addendum seems a good fit for you and a few others on FR:
90210 iOS Munchausen's Apple-Plexy Syndrome (MAPS), The overwhelming compulsion to post negative, judgmental, aggressive, and false commentary on any website commentary related to Apple products wherever found, including phobic reaction to projected Apple user euphoria. First and subsequent encounters.
Dr. Web has a history of crying wolf. Two years ago they claimed to have discovered a 680,000 member Java dependent Mac botnet but no members whose UUIDs they listed in their "Honeypot Intercept Servers" list of so-called infected Macs, which had to have Java installed to even be infected, were actually found to be infected. In fact, the UUIDs on the list included Macs that were sold without Java installed, Macs that had yet to be sold, and Macs that were yet to be even manufactured!
What they had was merely a computer generated list of UUIDs that might have been assigned to Apple that could belong to Macs. Not a single member of the putative Dr. Web MacBot was ever found in the wild. I became suspicious when two of my Macs in my office were reported as members according to their UUIDs, but neither of them were ever connected to the Internet, neither had ever had Java installed, and neither had the so called infected files in them. So I started investigating. On every forum, there were only people reporting their UUIDs were listed but NOT finding their computers infected. . . including large installed Mac locations such as Universities. The number of "infected" Macs kept dropping from the original 680,000 claimed by Dr. Web, not because they were cleansed, but because they were simply not found. When the story disappeared, the number was below 127,000. . . and then the story itself simply dropped from sight. . . as the only other security company, fellow Russian Kaspersky merely linked to Dr. Web's honeypot and the others remained silent. A typical Apple three week FUD non-story that faded and fizzled out because of lack of substance.
Strangely, even though Java was platform agnostic, and the game characters the website generated were more oriented to PC gaming where the "infection originated," Dr. Web never claimed any PC bot members.
They also claimed that, although the website was discovered to be a Russian language site, 95% of the infections were claimed to be in the US. . . Judge Judy says "If it doesn't make sense, it's a lie." Dr. Web was just releasing their Mac OSX Anti-Virus for Business just as they "coincidentally discovered" this OSX Macbot, that no other Computer security company could find. Amazing. Where were the target companies for Dr. Web's software? In the US. They are still pushing that software for Macs. . . Follow the money, for-q-clinton.
I stand corrected. Haven't gone there. Just knew that 4chan is a site that has links elsewhere, similar to FR where a click goes somewhere else to retrieve stuff.
Understood. A warning as well. I just discovered that if you sort the comments on the Reddit Waterloo armour link by ‘new,’ the first comment will contain an obscenity. I was viewing the comments by ‘best’ and didn’t see it.
My gawd! Those 4 chan people say what they want!
Sure, you were joking.
The only computer that is invulnerable is one that is on its own power supply, in a secure structure, on no network.
That’s a fact.
But, that said, the Mac OS is pretty secure for the most part.
“Sure, you were joking.”
What I am sure about is that I wish FR would have an ‘ignore’ button. ;-)
Knock yourself out.
LOL. . . no, better yet, turn it OFF.
And you're right. The Mac has been and is pretty secure. It has been the target of orchestrated specific hacks at Black Hat conferences using prepared scripts through vulnerabilities requiring the user to take a specific action, usually downloading and executing a file. The weaponizing of these vulnerabilities can only be accomplished by converting the file into a TROJAN horse application, and then using social engineering to trick users into doing the downloading, installing, and running the malware. No successful self-replicating, self-transmitting, self-installing, self-running application has ever been seen for Mac OSX. Seven candidates using various vectors have been presented over the past twelve years. All failed to work. The only successful malware for Macs have been those Trojans. . . and Apple has addressed that problem.
Swordmaker has never said any such thing, but I am sure you can identify all those viri that are in the wild. The last FUD from this guy claimed thousands of Macs were infected yet no one produced a single infected computer.
The greatest threat to Macs is via social engineering exploits.
If you want on or off the Mac Ping List, Freepmail me.
The malware could be Java-based, and can be detected on a Mac by doing a search from the “Go” menu, by using the “Go to Folder” command to look for a folder called “JavaW” in the user's Library/Application Support folder (users should use the “Go” menu, as the user Library folder is normally hidden by default). From the Go menu, users would type or paste /Library/Application Support/JavaW, and would most likely see the message “file not found,” meaning the machine is unaffected by the malware.
I don't have the malware.
Do you know where this hacking came from?
Was this from the Middle East, China, or Russia?
Thank you for your response. :)
Considering that more hacking takes place on Windows-based platforms, stuff like this does not happen often with Apple.
The Reddit control posting seemed to be coming from China. . .
So 17,000 morons let someone in their home, gave them their password and let them type it into their computer & then allowed them to go to whatever website to catch a worm and allow their computer to be controlled by someone else?
FUD.
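The JavaW folder check described in the comment above, as a shell function (an added example, not part of the original thread or the article). The comment names the user's Library but gives the path as /Library, so this looks in both; the function names and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the "JavaW" folder named in the thread.
# ROOT is an assumption of this example: "/" for the running Mac, or the
# mount point of a disk image being examined.
# Usage (after sourcing this file): check_javaw /

# Print every JavaW folder found under ROOT, one path per line.
find_javaw() {
    root=${1:-/}
    root=${root%/}   # "/" becomes "", a trailing slash on a mount point is dropped
    # System-wide Library first, then each user's (normally hidden) Library.
    for lib in "$root/Library" "$root"/Users/*/Library; do
        dir="$lib/Application Support/JavaW"
        # -d follows symlinks; -L also reports a dangling symlink with that name.
        if [ -d "$dir" ] || [ -L "$dir" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Return 0 when no JavaW folder exists under ROOT, 1 when at least one does.
check_javaw() {
    hits=$(find_javaw "$1")
    if [ -z "$hits" ]; then
        echo "JavaW folder not found under ${1:-/}"
        return 0
    fi
    echo "JavaW folder present:"
    printf '%s\n' "$hits"
    return 1
}
```

A non-zero exit status from `check_javaw` means the folder exists somewhere under ROOT; the printed paths show whether it sits in the system Library or in a particular user's Library.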