Apple And Reddit Have Shut Down The iWorm Virus That Took Control Of People's Macs
Business Insider reported on Friday that a Russian security firm discovered a piece of malicious software known as "Mac.BackDoor.iWorm." that was being found on Mac computers around the world. The bug gave hackers control of the computer, and could have been used to send spam emails, crash websites, or mine Bitcoin. However, there's no evidence that hackers even got the chance to use their botnet before it was discovered.
Mac Rumors reported on Saturday that Apple updated its Xprotect software to protect against the iWorm program. Xprotect is the anti-virus program that comes installed with every Apple computer, so Mac users are theoretically safe from iWorm if their operating system is up to date.
Here's the updated Xprotext code that shows Apple has added iWorm to the list of blocked programs:
The iWorm virus was controlled in an inventive way. The virus searched Reddit for a fake Minecraft discussion forum that contained links to command servers operated by hackers.
After security firm Dr. Web announced the discovery of the bug, the Reddit account that the hackers used to share links to their commands servers was closed, and its posted deleted. Over the weekend. Reddit banned the fake Minecraft subreddit, meaning that the iWorm bug had no way to receive orders from the hackers controlling it.
Additionally, an anonymous tipster explained to The Safe Mac how iWorm spread. It's reported that the virus spread to Mac computers using pirated software downloads hosted on The Pirate Bay. Anybody who downloaded fake versions of Adobe Photoshop, Adobe Illustrator, Microsoft Office and Parallels from a Pirate Bay user named "aceprog" were asked for administrator access to install the pirated software. After a user approved the access, iWorm was able to install itself on the user's computer.