Apple Updates XProtect Malware Definitions To Shut Down 'iWorm' Mac Botnet
Apple this weekend updated its XProtect blacklisting system for malware on OS X to address the recent iWorm attack, which is believed to have infected more than 18,000 Macs. MacRumors and Business Insider noted that a modification to the XProtect.plist file was released on October 4. It included definitions to safeguard users against three variations of the iWorm malware: OSX.iWorm.A, OSX.iWorm.B and OSX.iWorm.C.
Security researchers at Russian antivirus company Dr Web discovered that the iWorm malware was targeting OS X computers and forming a botnet that used a server list posted on Reddit. Although it is not certain how the malware was spread, a report from The Safe Mac suggests that it was packaged with pirated Mac software downloaded from The Pirate Bay.
In addition to Apple's antimalware actions, Reddit also shut down the fake Minecraft subreddit and banned the account that was posting the iWorm botnet server list to the subreddit's forum. As a result, iWorm-controlled Macs cannot connect to the botnet servers that hackers use to send instructions.