OS X botnet infects 17,000 Macs, awaits evil orders

A security firm has uncovered a botnet creeping onto Macs across the globe, giving hackers backdoor access to infected computers. The worm could be used to steal personal information or spread spam and other malicious software.

The botnot was developed using C++ and Lua and the backdoor uses extensive encryption before hiding itself in OS X. Oddly the list of command servers that the bonnet tries to connect to are listed on online forum Reddit in a post about Minecraft servers.

“Mac.BackDoor.iWorm opens a port on an infected computer and awaits an incoming connection. It sends a request to a remote site to acquire a list of control servers, and then connects to the remote servers and waits for instructions,” security firm Dr. Web explained after uncovering the botnet.

The botnet uses the list of 29 addresses on Reddit and sends requests to each of them. If a connection to one of the servers is successful the botnet sends information about the open port on the infected machine and lies in wait.

At present the botnet doesn’t appear to be active, indicating that it has been caught early. As of 26 September the OS X botnet had infected 17,658 IP addresses. Dr. Web said that 4,610 of those infected were in the USA, 1,235 in Canada and 1,227 in the UK.

Apple has already released an update to its built-in security system to protect Mac’s against the new worm while antivirus companies have also added it to their protection databases. Anyone concerned is urged to update their antivirus software and carry out a full system scan.