Apple update stops 'iWorm' botnet targeting Macs and MacBooks
13 October 2014
Apple has released updates for the OS X systems to block a type of malware dubbed ‘iWorm’, which is responsible for infecting thousands of Macs, joining them to a botnet.
Macs are set by default to check daily for updates to its Xprotect anti-malware system, your system should have applied this automatically.
The malware spread by pretending to be a pirated app, it asked the user for permission to be installed. The scenario provides a good example of why you should always be cautious about the apps you install on your computer. You should never install apps from sources you do not trust.
Macs are not immune to malicious software. We recommend that you use antivirus software.
iWorm targets Mac OS X computers and joins them to a botnet. The botnet can then be used by a criminal to perform malicious actions such as sending spam, stealing information from your computer and spreading the virus further.
This botnet uses social media to receive commands. In this case, the online link sharing site reddit.com was used. Reddit has since closed the associated threads.
This botnet is estimated to have controlled more than 18,000 computers worldwide. There are three known variants of this malware that were addressed by this update (OSX.iWorm.A, OSX.iWorm.B and OSX.iWorm.C).
How to check if your computer is up to date
If you want to check if your computer has received the updates specifically for this malware, you can run a command to see if the update exists. First, open ‘Finder’, select ‘Applications’, 'Utilities' and then ‘Terminal’. Enter the following line (exactly as below):
The contents of this file will be shown. Look for a line that says 'OSX.iWorm.A'. At the time of writing, this line is near the top. If the line exists, your system has installed the updates successfully.
Note that this will not fix your computer if you have already been infected. Instructions for checking if you have been infected are available in this article. If you find you are infected, you should seek technical advice immediately.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.