
New Mac OS X email worm discovered

A newly discovered email worm dubbed OSX/Tored-A once again puts the spotlight on the potential worm-ability, and malware spreading tactics targeting Apple's OS X.
Written by Dancho Danchev, Contributor

The worm propagates through emails harvested from infected hosts, and has backdoor functionality: once a remote connection is successfully established, its author can attempt to enlist the host in a botnet, log keystrokes, launch DDoS attacks, and send spam.

Despite sharing features with OSX.Trojan.iServices.A (the iBotnet OS X malware), Tored is not currently spreading in the wild. In fact, some vendors are calling it lame and state that it will never spread successfully, owing to the bugs in its code and the spelling mistakes in the messages it uses to spread by email:

"OSX/Tored is different, however, because it is an email-aware worm which attempts to scoop up email addresses from your infected Mac computer and forward it to others. Its intended purpose, and presumed origin, is revealed in the opening comments of its RealBasic source code:

/ First Mac OS X Botnet /Backdoor.OSX.Raedbot.C ,Reconnaissance worm/bot /(c) Ag_Raed , Tunisia

Bugs in the worm's code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don't lose too much sleep."

Apart from notable OS X malware such as last year's ARDAgent-based trojan, which exploited a local privilege escalation vulnerability in Mac OS X 10.4 and 10.5 to gain root, the rest of the newly discovered OS X malware continues to rely on social engineering tactics (fake codecs such as CodecUpdate.v1.18.dmg and License.v.3.411.dmg) in order to spread.

For instance, OSX.RSPlug.D, OSX.RSPlug.E and OSX.Trojan.PokerStealer all pretend to be harmless applications, and OSX.TrojanKit.Malez requires that the attacker already have access to the host in order to backdoor it.

Recently, Jon Oltsik speculated that "Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems."

What do you think?