Security researchers at ESET and Sophos have discovered that hackers have gone out of their way to port an old Linux backdoor trojan to the Mac OS X platform, extending the pool of computers that they can use as part of their botnets.
Part of the original C source code for Tsunami, then known as Kaiten.
(Screenshot by Michael Lee/ZDNet Australia)
According to the researchers, the trojan, named Tsunami, connects to an IRC channel and awaits commands from hackers. Those commands include instructions to flood a server with requests, which, combined with the efforts of other compromised computers, results in a distributed denial-of-service attack.
It can also download files to the compromised machine, allowing it to update itself or install additional malware, and it can execute any command of the attacker's choosing, essentially giving them complete control.
The C source code for the Linux variant has been publicly available for some time, making it easy for anyone to change the hardcoded IRC servers that infected bots join, or to modify the code for multiple platforms.
However, the trojan has no method of spreading, meaning a separate vulnerability would have to be exposed to upload the malware covertly, or users would have to choose to let their Mac become part of a hacker's botnet.