/>
X

New Mac OS X email worm discovered

A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple's OS X.
Written by Dancho Danchev on

A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple's OS X.

The worm propagates through emails harvested from infected hosts, and has a backdoor functionality allowing its author to perform the following actions if a successful remote connection is established - attempts to create a botnet, has keylogging functionality, and can also perform DDoS attacks as well as send spam,

Despite the similarities of its features with the ones of OSX.Trojan.iServices.A (the iBotnet OS X malware), Tored is not currently spreading in the wild, in fact some vendors are calling it lame and state that it will never spread successfully due to the bugs in its code, next to the the spelling mistakes within the messages it uses for email spreading:

"OSX/Tored is different, however, because it is an email-aware worm which attempts to scoop up email addresses from your infected Mac computer and forward it to others. Its intended purpose, and presumed origin, is revealed in the opening comments of its RealBasic source code:

/ First Mac OS X Botnet /Backdoor.OSX.Raedbot.C ,Reconnaissance worm/bot /(c) Ag_Raed , Tunisia

Bugs in the worm's code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don't lose too much sleep."

Excluding such notable OS X pieces of malware such as last year's ARDAgent-based trojan exploiting a local root escalation vulnerability in Mac OS X 10.4 and 10.5, the rest of the newly discovered OS X malware continues relying on social engineering tactics (fake codecs such as CodecUpdate.v1.18.dmg; License.v.3.411.dmg etc.) in order to spread.

For instance, OSX.RSPlug.D, OSX.RSPlug.E and OSX.Trojan.PokerStealer all pretend to be harmless applications, and OSX.TrojanKit.Malez requires that the attacker must already have access to the host in order to backdoor it.

Recently, Jon Oltsik speculated that "Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems."

What do you think? Talkback.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones
The best iPhone deals available right now: July 2022
iphone 12 vs iphone 11 cnet.jpg

The best iPhone deals available right now: July 2022

iPhone