Hackers port trojan from Linux to OS X


Security researchers at ESET and Sophos have discovered that hackers have gone out of their way to port an old Linux backdoor trojan to the Mac OS X platform, extending the range of computers that they can use as part of their botnets.

Part of the original C source code for Tsunami, then known as Kaiten.
(Screenshot by Michael Lee/ZDNet Australia)

According to the researchers, the trojan, named Tsunami, connects to an IRC channel and awaits commands from hackers. Those commands include instructions to flood a server with requests, which, combined with the efforts of other compromised computers, results in a distributed denial-of-service attack.

It can also download files to the compromised machine, allowing it to update itself or install additional malware, and it has the ability to execute any command of the attacker's choosing, essentially giving them complete control.

The C source code for the Linux variant has been publicly available for some time, making it easy for anyone to change the hardcoded IRC servers that infected bots join, or to modify the code for multiple platforms.

However, the trojan has no method of spreading, meaning a separate vulnerability would have to be exploited to upload the malware covertly, or users would have to choose to let their Mac become part of a hacker's botnet.
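Because the trojan's control channel is ordinary IRC, a defender can look for IRC client registration in outbound traffic by payload rather than by port. The sketch below is an added example, not code from the article or from the researchers; the record format, the sample lines, the host addresses and the allowlist are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: (internal host, direction, one line of TCP payload).
# "out" = host -> server, "in" = server -> host. Not real capture data.
SAMPLE = [
    ("10.0.0.5", "out", "NICK xkqzt"),
    ("10.0.0.5", "out", "USER xkqzt 0 * :xkqzt"),
    ("10.0.0.5", "out", "JOIN #example-chan"),
    ("10.0.0.5", "in", ":op!u@h PRIVMSG #example-chan :<constructed command text>"),
    ("10.0.0.5", "in", "PING :irc.example.invalid"),
    ("10.0.0.5", "out", "PONG :irc.example.invalid"),
    ("10.0.0.9", "out", "NICK alice"),
    ("10.0.0.9", "out", "USER alice 0 * :Alice"),
    ("10.0.0.9", "out", "JOIN #example-chan"),
    ("10.0.0.9", "out", "PRIVMSG #example-chan :hello all"),
    ("10.0.0.9", "in", ":bob!u@h PRIVMSG #example-chan :hi alice"),
    ("10.0.0.7", "out", "GET /index.html HTTP/1.1"),
]
ALLOWED_IRC_HOSTS = {"10.0.0.9"}  # assumption: hosts approved to run an IRC client

# IRC framing: optional ":prefix ", a command verb, then parameters.
IRC_LINE = re.compile(r"^(?::\S+ )?([A-Za-z]+)(?: (.*))?$")

def parse_irc(line):
    """Return (VERB, params) for a line with IRC framing, else None."""
    m = IRC_LINE.match(line.strip())
    return (m.group(1).upper(), m.group(2) or "") if m else None

def irc_sessions(records):
    """Per host: verbs sent, verbs received, and channels it asked to join."""
    sessions = defaultdict(lambda: {"sent": set(), "recv": set(), "channels": set()})
    for host, direction, line in records:
        parsed = parse_irc(line)
        if not parsed:
            continue
        verb, params = parsed
        sessions[host]["sent" if direction == "out" else "recv"].add(verb)
        if direction == "out" and verb == "JOIN" and params:
            sessions[host]["channels"].update(params.split()[0].split(","))
    return sessions

def flag_hosts(records, allowed=ALLOWED_IRC_HOSTS):
    """Flag non-allowlisted hosts that complete IRC registration and join a
    channel; listen_only marks hosts that receive channel messages but never chat."""
    findings = {}
    for host, s in irc_sessions(records).items():
        if not {"NICK", "USER", "JOIN"} <= s["sent"] or host in allowed:
            continue
        listen_only = "PRIVMSG" in s["recv"] and "PRIVMSG" not in s["sent"]
        findings[host] = {"channels": sorted(s["channels"]), "listen_only": listen_only}
    return findings
```

The listen_only flag is a triage hint only: a host that joins a channel and receives messages without ever chatting matches the "connect and await commands" behaviour described above, but it is not proof of infection.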


Michael Lee


Talkback

5 comments
  • Someone actually bothered to change some library headers and recreate functions based on OS X's implementation of the libraries just for a simple botnet payload. People need to get a life!!
    Chrisjwilson
  • Wait for EdBot @ zdnet.com to catch wind of this - I can see his article now 'bot nets target osx' - he's got a bee in his bonnet for attacks against Apple OSes.
    amckern-b0f83
  • Meh. I do find it amusing that the author only states that kaiten.c has been around "for some time." It's freaking ancient at over 10 years old. And, it was lame then too.
    pheh
  • Hackers? Life? Their sole existence and purpose negates "getting a life". Hacking *is* their life.
    cuba_pete
  • Why would you bother with a trojan for an OS that has less than 5% market share.

    woah 0.5 out of every ten computers of computers, and probably only a half of those, are at risk of getting some crappy bullshit trojan.
    chugs1