Hackers port trojan from Linux to OS X


Summary: Security researchers report that hackers have gone out of their way to port an old Linux backdoor Trojan to the Apple Mac OS X platform.


Security researchers at ESET and Sophos have discovered that hackers have gone out of their way to port an old Linux backdoor Trojan to the Apple Mac OS X platform, extending the range of computers that they can use as part of their botnets.

According to the researchers, the Trojan, named Tsunami, connects to an IRC channel and awaits commands from hackers. Those commands include instructions to flood a server with requests, which combined with the efforts of other compromised computers results in a distributed denial-of-service (DDoS) attack.

It can also download files to the compromised machine, allowing it to update itself or install additional malware, and it can execute any command of the attacker's choosing, essentially giving them complete control.


Part of the original C source code for Tsunami, then known as Kaiten.

For more on this story, read Hackers port trojan from Linux to OS X on ZDNet Australia.


Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.


Talkback

104 comments
  • RE: Hackers port trojan from Linux to OS X

    UH OH!!

    Now to wait for the Anti-Windows Crowd to come in and repeat over and over on how OS X and Linux are so secure and do not get viruses. Of course intelligent people know that trojans and other forms of Malware are more prevalent today compared to viruses and worms.
    bobiroc
    • RE: Hackers port trojan from Linux to OS X

      @bobiroc You beat me to it you bugger! The best part about this, is the fact that it is an OLD Linux trojan. But of course Mac and especially Linux are air tight and nothing can ever hurt them.
      Bates_
      • You said it. Why even waste their time?

        @Bates_

        Wouldn't this be like the Greeks giving Troy an empty horse?
        William Farrell
      • RE: Hackers port trojan from Linux to OS X

        @Bates_

        It's foolish if you think any OS is air tight
        YouCanDoItAgain
      • RE: Hackers port trojan from Linux to OS X

        @Bates_

        What planet are you on? In every hackers' competition the pros go to the Mac and they are the first one they're able to hack into, falling victim to the attacker. Because there are so many vulnerabilities.

        No brainer, you got some Trojan in your system and don't know it. LOL
        tripplec
      • RE: Hackers port trojan from Linux to OS X

        @tripplec

        Seems to me that the hackers you are referring to are almost always using OS X or Linux machines to do their work. I think it was Black Hat 2009 that they had the laptop competition where the Mac fell first, followed by Windows about 20 minutes later, and the Ubuntu machine never did get cracked. If you know what you are doing you can get under the hood in OS X and lock it down as tight as the aforementioned Ubuntu machine, owing to its root in FreeBSD. Windows on the other hand has its source code locked down tight, thus tying the hands of users and forcing them to wait for Redmond to put out a one-size-fits-all generic solution. Any OS is vulnerable; at least Linux and FreeBSD grant you the capability to be proactive. Windows is for people who need somebody else to coddle them.
        visgodred
      • Hackers port trojan from Linux to OS X

        @tripplec
        And then you install the latest ubuntu and it takes you down without even needing a trojan or virus.
        oterrya
      • RE: Hackers port trojan from Linux to OS X

        @Bates_ Well, I'm using Linux now. My Windows went down and I'm too busy to try and get it fixed right now. Linux is fine and, with the exception of a couple of proprietary programs, I rarely miss Windows. But I'm not one of those worshippers at the Linux shrine, nor am I stupid enough to believe that somehow a Linux OS is air tight. Linux and Apple have been fairly virus free just because they weren't big enough or visible enough for the hackers to care. Now, Apple is getting a lot of buzz, mostly from their iPad and iPhone, but they are visible again. And more government agencies and a growing number of businesses are finding it economical to install open source software and work in the cloud, so Linux has grown enough to catch their attention.

        Security still comes down to having some good anti-virus software up to date on your machine, and being careful of the links you click and the email attachments you open.
        webservant2003@...
      • RE: Hackers port trojan from Linux to OS X

        @Bates_ Tight as Virgin :)
        thandermax
      • A Trojan - So Not Passively Installed

        @Bates_
        You do realize that, as bobiroc actually alluded to, a Trojan has to be actively installed, right? Trojans will always succeed as long as you can trick system administrators into installing them. They don't reflect on system security one way or the other.
        CFWhitman
      • RE: A Trojan - So Not Passively Installed

        @CFWhitman

        "You do realize that, as bobiroc actually alluded to, a Trojan has to be actively installed, right? Trojans will always succeed as long as you can trick system administrators into installing them. They don't reflect on system security one way or the other."

        Which is why viruses and worms do not get on a Windows Machine today (and have not for years) unless a Trojan or some other Malware tricks the user into installing it and then opens up the door to viruses and worms. It is either that or if a machine has had its security disabled or is behind on patching. The problem is that many people are stuck on the term virus when it is Trojans and other forms of Malware that are the dominant force in infecting computers today, because it is easier to trick the operator of the computer than trying to circumvent the security of the OS.
        bobiroc
      • RE: Hackers port trojan from Linux to OS X

        @oterrya - I'm running the latest Ubuntu on my desktop and laptop, and they run just fine. Did you have a point in there somewhere?
        LeonBA
    • RE: Hackers port trojan from Linux to OS X

      I think the real big deal will be when malware begins affecting iOS, as the industry is predicting that the iOS is going to dominate Internet by 2013 and continue through 2017.
      razworks
      • RE: Hackers port trojan from Linux to OS X

        @razworks actually no, iOS is not dominating, is No. 2 and is losing margins... No. 1 is Android and is gaining margins.
        Cosminv
      • RE: Hackers port trojan from Linux to OS X

        @razworks
        ow! you made me snort coffee out my nose!
        john-whorfin
    • RE: Hackers port trojan from Linux to OS X

      LOL! - You mean I should just ignore the fact my JBoss servers started magically running two extra war file instances due to a flaw in how jmx-console handles HEAD commands? Or that my servers started running pnscans across random class B networks, looking to infect/reinfect other JBoss servers?

      It's the equivalent of the Slammer worm for JBoss instead of MSSQL servers....
      GoogleThis: mbean inspector zecmd.war
      - anybody else wondering why these JBoss servers are exposing their data internals without a login...?

      But, hey... If the Anti-Windows Crowd says I am totally secure with my securelinux allowing this to happen, then who am I to argue?

      (Oh, it's not the OS, it's the app... Right. Go read cuckoo's egg again.)
      briank@...
      • RE: Hackers port trojan from Linux to OS X

        @briank@...

        There is no safe. There is only safer.
        tkejlboom
    • RE: Hackers port trojan from Linux to OS X

      @bobiroc What I love about those OSs, they don't have scanners, so as long as they don't know about it, it doesn't exist in their books ;) Seems like prime real estate to be taking your information out to lunch with me.
      thoiness
      • Um, Scanners exist for Linux and OS X

        @thoiness
        ClamAV scans for Windows, OS X, and Linux malware. It runs on all three operating systems as well.
        CFWhitman
      • RE: Hackers port trojan from Linux to OS X

        @thoiness
        actually they DO have scanners. and have had them for a very long time. linux has antivir (my personal favorite), clamav (which sucks), fprot (which isn't much better than clamav IMO), there's a couple others, that seem to have slipped my mind. mostly though they keep linux users from passing viruses on to windows users. there's only what? 10 viruses for linux? all of which were created in a lab as proof of concepts, none of which have ever been implemented. and yeah, those scanners do have the defs for those as well. ;)
        sir_cheats_alot@...