Apple Makes Move To Shut Down Mac Botnet
Just days after the discovery of a botnet composed of thousands of Macs, Apple released an update to its OS X antimalware component that combats the malware associated with the infections. Updated over the weekend, the little publicized XProtect feature in OS X now includes definitions to prevent three variations of the Mac.BackDoor.iWorm malware from installing on new machines.
The weekend also yielded more research that showed The Pirate Bay likely played a big role in the propagation of iWorm on affected machines. Acting on a tip from a different anonymous researcher, the independent researcher Thomas Reed confirmed on his The Safe Mac blog that the iWorm installer was found in a pirated Photoshop install package modified to hide the malicious executable. In his tests, Reed found that he first had to override the Apple Gatekeeper restrictions, which warns users installing the malicious executable that the application they are attempting to run contains unsigned code. However, this warning message would likely do nothing to deter users knowingly installing pirated software; they would expect the contraband software to be modified to get around anti-piracy measures.