Sunday, October 5, 2014

A Botnet Powered by Reddit...

A new worm incorporating the so-called "internet's front page" has infected over 17,000 Mac computers, creating a botnet capable of executing commands on every one of those systems. The Mac.BackDoor.iWorm, or Mac.OSX.iWorm, uses a combination of two social networking giants, Reddit and Minecraft, to achieve its goal of secretly existing in the background of the computer without the user's knowledge.

This particular exploit works by sifting through the 'minecraftserverlist' subreddit to retrieve the IP addresses of its command and control servers. It then installs itself in the user's home folder, disguised as an add-on for another application, and generates a script to launch at every startup. It uses an MD5 hash algorithm to encode its information every time it connects to Reddit's search page. The three results from this search contain all the IP addresses necessary to fully connect to its command center. It's interesting to see how a very large social network, used in conjunction with one of the most popular games on the planet, can be used to perform such a malicious task. It's important to note that Minecraft the game itself was not used in the exploit; the brand simply served as a disguise on Reddit. People don't associate Minecraft with hacking, which made it the perfect choice. The person behind this decided to hide in plain sight, successfully hiding long enough to infect thousands of users.
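As an added example (not from the original post or from any analysis it cites), the lookup behaviour described above can be turned into a simple proxy-log check that flags clients sending hash-like search terms to Reddit that reference the 'minecraftserverlist' subreddit. The log format, the sample lines and the hex-token heuristic are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

SUBREDDIT = "minecraftserverlist"  # subreddit named in the post
# Assumption: the MD5 output (or a prefix of it) appears as lowercase hex in the query.
HEX_TOKEN = re.compile(r"^[0-9a-f]{8,32}$")

# Constructed sample proxy log, one "<client_ip> <url>" pair per line.
SAMPLE_LOG = """\
10.0.0.12 https://www.reddit.com/r/minecraftserverlist/search?q=survival+server&restrict_sr=on
10.0.0.31 https://www.reddit.com/search?q=minecraftserverlist+9f86d081884c7d65
10.0.0.31 https://www.reddit.com/r/minecraftserverlist/search?q=d41d8cd98f00b204e9800998ecf8427e
10.0.0.44 https://www.reddit.com/search?q=best+mac+antivirus
10.0.0.57 https://notreddit.com/search?q=minecraftserverlist+0123456789abcdef
malformed line with too many fields
"""

def is_suspicious(url):
    """True for a Reddit search that mentions the subreddit and carries a hex token."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "reddit.com" and not host.endswith(".reddit.com"):
        return False
    path = parts.path.lower()
    if "search" not in path:
        return False
    # parse_qs decodes '+' to spaces, so split each q value into search terms.
    terms = [t.lower() for v in parse_qs(parts.query).get("q", []) for t in v.split()]
    has_hex = any(HEX_TOKEN.match(t) for t in terms)
    mentions_sub = SUBREDDIT in path or SUBREDDIT in terms
    return has_hex and mentions_sub

def flag_clients(log_text):
    """Return {client_ip: number of suspicious lookups} for the given log text."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip lines that do not match the assumed format
        client, url = fields
        if is_suspicious(url):
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, count in flag_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} hash-like Reddit search request(s)")
```

A human searching the subreddit for ordinary words is not flagged; only repeated hash-like lookups from the same host are worth a closer look at that machine's startup items.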

While the Reddit account and posts have since been deleted, the damage has been done, as the initial botnet continues to exist on these systems. Some of the systems and networks have fixed the issue, but there are many more that might be unaware of this service running in the background. Who knows what the mastermind behind this has planned for the future, as running additional commands on these systems is entirely possible. A new botnet stemming from these systems is also possible and unfortunately might already exist.

This brings into perspective the fact that anything that connects to the internet is capable of being infected. For many years people often bought Mac computers because they heard that "Macs don't get viruses," and this is the perfect example that a generalization like that is simply untrue. The number of Macs has increased dramatically over the last decade, and as the popularity of the platform increases, so will the interest of hackers. Therefore, it's important to use extreme caution when downloading anything from the internet, regardless of the platform used.

Source: LINK
