Hackers Have Found A Flaw In Macs And Are Using It To Control 17,000 Apple Computers ... Via Reddit

Business Insider ^ | 10/03/2014 | James Cook

[SeekAndFind]

Criminals have discovered a flaw in OS X, the Mac operating system, and are using it to control thousands of Apple computers around the world.

The Russian security company Dr. Web first discovered the software, known as "Mac.BackDoor.iWorm." We don't yet know how the software spreads, but Dr. Web has released information on the clever way it connects to the criminals who control the program.

When a Mac is infected with Mac.BackDoor.iWorm, the program tries to make a connection to a command server. The iWorm reportedly uses Reddit's search function to find comments left by the criminals in a Minecraft discussion section of the site. (Minecraft is the block-building video game published by independent publisher Mojang, which Microsoft purchased for $2.5 billion in September.)

Here's a screenshot showing the Reddit posts the criminals used to control their hacked computers:

[showme_the_Glory]

Reddit is the site the stolen nude celeb photos were released on.

That explains how they got the 17,000 mac users.

[for-q-clinton]

I still don’t believe it. Swordmaker guaranteed us this is impossible on OSX.

We will just have to wait to see how we can blame the users for this issue.

[dinodino]

I would say MVS/TSO or VAX VMS, actually, if you’re going to go back that far... ;) Ah, the good old days!

[Swordmaker]

I am VERY skeptical of this report. . . Dr..Web has reported finding a 17,000 member Mac botnet ( how do they EVEN know the number of infected Macs????) created by a new, never before seen "OSX iWorm" that they do not report how it works or how it can infect an OSX Mac. No other security company has seen this botnet or malware!

This is the same Dr. Web that a couple of years ago reported a 680,000 Macbot determined by the number of the UUIDs they claimed had connected into a "Honeypot intercept server." But no one has ever found a Mac member of that Dr. Web reported Botnet in the wild. The botnet ran on Java, which is platform agnostic, but Dr. Web only claim OSX was infected, and the modality required visiting an obscure Russian role play game character creation website to get infected, yet 95% of the claimed infections were in the US. Say what? The UUIDs they had listed in the Mac Botnet included UUIDs assigned to Apple for Macs that never had Java installed, had not yet been sold, or not yet even manufactured! The release of that Macbot claim coincided with the Release of Dr. Web's announcement of their entering the Mac antivirus market for business.

We are now entering the three week FUD SEASON before the October 21st Apple event where it is expected that Apple will announce new Macs. . . and Dr. Web is still pushing its business AV software. I remain VERY suspicious. — PING!

Apple Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

Only idiots say Macs are invulnerable to viruses.

And even bigger idiots regard those comments seriously and take issue with it.

The first version of OSX was released in 1998 in a server version in 1998. So in 16 years there have been no successful computer viruses on OSX FOR macs. There are approximately 50 known Trojan Horse programs — which are not computer viruses, but are malware—in seven OSX Trojan families for OSX, of which OSX will automatically block installation, download, or running. There have been seven known OSX computer virus candidates, all failures.

This "iworm" from Dr. Web, given their suspect history (see their claimed amazing shrinking Macbotnet of 2012 which no one could find a member in the wild), is I believe, merely more FUD. There are too many red flags in their report including their silence on how to avoid infection. . . which would be criminal if it were legitimate.

Since Apple is having an event on October 21st, most likely for the purpose of releasing new Macs, we've entered FUD Season. . . and Dr. Web Is pushing their Mac AV for business product. . . as they were when they launched it and the Macbotnet claim simultaneously two years ago.

[Swordmaker]

I still don’t believe it. Swordmaker guaranteed us this is impossible on OSX.

Please stop misrepresenting what I have stated on this forum. That said, Dr. Web has a dismal FUD record.

[Swordmaker]

With approximately 91,000,000 Macs in the wild, if this OSX Botnet actually exists, then the 17,658 infected Macs (my isn't that an impressively accurate number?) represent 0.019404% of all Macs may have been infected. How, exactly, did these guys even find one? Much less come up with all 17,658??? And the list them by country of location. I call FUD!

Dr. Web's claimed Reddit message to the Mac Botnet members.


Dr. Web's claimed locations of the Mac Botnet members by the numbers.

Why the absence of Japan, Hong Kong, China, Indonesia, Germany, the Arabian countries, Israel, and several others that have large Mac numbers? Strange.

[Biggirl]

Could it be that the hackers could very well be from the countries you have mentioned.

[roadcat]

From the media reports, I believe the photos were released on 4chan.

Yeah, but the photos were stored on Reddit and the posts to 4chan by users linked to Reddit.

[dennisw]

They should use these hacked computers to nuke Apple HQ in Cupertino. To nuke it from orbit. Nuke the Chinese FoxConn factory too...just to be sure...and to prevent further suicides on the iPhone assembly line

[House Atreides]

“...We are now entering the three week FUD SEASON before the October 21st Apple event where it is expected that Apple will announce new Macs....
************************************************************************************

“FUD SEASON”! Now that’s funny (but quite on point” and gave me a little laugh.

[for-q-clinton]

So you’re saying it can happen?

[kevkrom]

Dr. Web Is pushing their Mac AV for business product.

Getting antivirus software for a Mac is like giving a condom to a member of the high school A/V club. Sure, there's an outside theoretical chance it might actually be useful for its stated purpose, but only in cases where at least one person has made a serious lapse in judgement.

[Swordmaker]

They should use these hacked computers to nuke Apple HQ in Cupertino. To nuke it from orbit. Nuke the Chinese FoxConn factory too...just to be sure...and to prevent further suicides on the iPhone assembly line

It is a well established fact, Dennis, that the suicides at FoxConn occurred at their facility assembling products for HP, Sony, and Microsoft XBox. . . not Apple products.

The one suicide associated with an Apple product was a mid level engineer who had been questioned in 2009 in reference to selling an iPhone prototype to a competitor. After the questioning, he returned to his apartment (not at a FoxConn facility) and jumped from his balcony.

The fact also remains that the suicide rate at FoxConn's facilities, where 750,000 people worked and a total of 28 people committed or attempted suicide over an eighteen month period, were one-quarter of China's national suicide rate for the same age cohort. 25% of the normal rate. It is also one half of the suicide rate at Harvard University where the age groups are similar. So what are you complaining about?

[Swordmaker]

It is a well established fact, Dennis, that the suicides at FoxConn occurred at their facility assembling products for HP, Sony, and Microsoft XBox. . . not Apple products.

Forgot NOKIA phones. . .

[bravo whiskey]

BUT, BUT, BUT Macs are perfect

[Scoutmaster]

No. The photos were not stored on Reddit. Reddit doesn't store photos. Reddit links to photos that are hosted and stored on other domains such as imgur.

The links to the photos in question were originally posted to 4chan. Users downloaded files from the links posted at 4chan and uploaded selected files to sites such as imgur, and those non-Reddit-hosted-photo-links were then shared on Reddit.

I visit certain subreddits regularly, such as /historyporn and /artefactporn. The first has fascinating photographs from throughout history and the second fascinating photos of ancient artefacts. If you click on the Reddit link, you leave the Reddit domain and are redirected to the host of the photo, which is imgur more often than not (wikimedia, tumble, and flikr are less common sources). The Reddit post may include details about the photo, but does not store the photo. I generally reverse-search the photo to learn more about the content.

Here's an example of what you may find on the subreddit /artefactporn, a link to this photo of the armour of a cuirasse du carabinier holed by a cannonball at the battle of Waterloo:

The link to the photo is on Reddit, on the subreddit /aretefactporn. However, the photo is not hosted on Reddit; it's hosted at http://i.imgur.com/ot73yZV.jpg.

Here's the Reddit link to the imgur photograph, on the subreddit /artefactporn.

[Scoutmaster]

I'm not judging your choices.

In addition to my personal moral issues, I didn't view the photos because I had an issue with the NSA snooping in private emails. I didn't understand how a country that was upset with the NSA could wet itself over the spoils of a private individual's snooping because it involved boobies.

No, I take that back. I understood, but I shook my head and rolled my eyes.

[Scoutmaster]

I need to amend that. Reddit stores thumbnails of most of the photos to which it links, but the photos are hosted on domains other than Reddit.

[papertyger]

Please stop misrepresenting what I have stated on this forum.

But then all the fat chicks wouldn't be able to feel they're better than the hottie!