Apple updates XProtect malware definitions to shut down 'iWorm' Mac botnet


Apple this weekend updated its XProtect malware blacklisting system in OS X to address the recent iWorm attack that allegedly infected more than 18,000 Macs. As noted by MacRumors and Business Insider, a change to the XProtect.plist file released on October 4 contained definitions to protect users from three variants of the iWorm malware: OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C.

Discovered by security researchers at Russian anti-virus company Dr Web, the iWorm malware targeted OS X machines, forming a botnet that was organized using a server list posted on Reddit. It is not known how the malware was spread, but an anonymous tip provided to The Safe Mac suggests the malware was bundled with pirated Mac software downloads available on The Pirate Bay.

In addition to Apple's anti-malware actions, Reddit shut down a fake Minecraft subreddit and banned the account that was posting the iWorm botnet server list to the subreddit's forums. Without these posts, iWorm-controlled Macs are unable to connect to the botnet servers that are used by hackers to send instructions to the infected machines.