News of a piece of malware infecting Mac OS X computers surfaced over the weekend as some 17,000 systems fell prey to the unusual attack. First noticed by Dr.Web, the malware used Reddit as a command and control (C&C) server to receive instructions. Fortunately, Apple has moved quickly and is now in the process of rolling out updated malware definitions to prevent the malware from installing itself on Macs.
Currently known as iWorm, the malware appears to have been hidden in a Minecraft mod; although this attack vector has not yet been confirmed. It then disguises itself as a Java programme before attempting to write itself into the system configuration folder. Once this is done, iWorm attempts to contact a now closed subReddit for instructions. At that point it would connect to the Reddit servers and perform a search on the website for post headlines that would tell it what to do.
The use of Reddit as a C&C server prevents security companies from bringing it down, ensuring that the botnet will always have a venue to receive new orders. Reddit itself is aware of the issue and has closed the offending subReddit, however it is still likely the people behind the botnet will choose another subReddit as their C&C forum.
Developer Jacob Salmela has provided some instructions for locating the malware and removing it manually, for those who want to be extra sure that they are not currently being infected by a Reddit reading botnet.
[Source: Dr. Web]
