Mac botnet using Reddit to spread infections
Posted by: Timothy Weaver on 10/03/2014 09:46 AM
According to Russian anti-virus firm Dr Web, a zombie network has infected over 17,000 machines running OS X. The hackers are using messages posted on Reddit as a navigational aid which points infected machines towards command and control servers.
These compromised machines "phone home" to these command nodes to get instructions on what to do. Dr Web has more detail:
To acquire a control server address list, the bot uses the search service at reddit.com, and — as a search query — specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.
According to veteran security watcher Graham Cluley: "Reddit isn’t spreading the infection – it’s simply providing a platform that is helping the botmasters communicate with the Mac computers they have managed to infect."
Dr Web researchers estimate most of the victims of the botnet are US-based.
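The lookup Dr Web describes leaves a recognisable trace in web proxy logs: a reddit.com search whose query is exactly 16 hex characters. The following detection sketch is an added example, not code from Dr Web or from this article; the log line layout and the candidate date formats are assumptions, since the report does not say how the date is written before it is hashed.

```python
import hashlib
import re
from datetime import date
from urllib.parse import urlsplit, parse_qs

# Assumption: the report does not say how the date is written before hashing,
# so these formats are guesses used only to corroborate a hit.
CANDIDATE_DATE_FORMATS = ("%Y-%m-%d", "%Y%m%d", "%d.%m.%Y", "%m/%d/%Y")
HEX16 = re.compile(r"[0-9a-fA-F]{16}")  # 8 bytes rendered as hex

def date_tokens(day):
    """Hex of the first 8 bytes of MD5(date string), per candidate format."""
    return {hashlib.md5(day.strftime(fmt).encode()).hexdigest()[:16]: fmt
            for fmt in CANDIDATE_DATE_FORMATS}

def classify(day, url):
    """None = benign, 'suspicious' = 16-hex Reddit search, 'confirmed:<fmt>' = date match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "reddit.com" and not host.endswith(".reddit.com"):
        return None
    if parts.path.rstrip("/").rsplit("/", 1)[-1] != "search":
        return None
    query = parse_qs(parts.query).get("q", [""])[0]
    if not HEX16.fullmatch(query):
        return None
    fmt = date_tokens(day).get(query.lower())
    return f"confirmed:{fmt}" if fmt else "suspicious"

def scan(log_lines):
    """Yield (client, verdict) for lines of the form 'YYYY-MM-DD client url'."""
    for line in log_lines:
        stamp, client, url = line.split(maxsplit=2)
        verdict = classify(date.fromisoformat(stamp), url.strip())
        if verdict:
            yield client, verdict

# Constructed sample proxy log (not real traffic); the token is computed here.
TOKEN = next(iter(date_tokens(date(2014, 10, 3))))
SAMPLE_LOG = [
    f"2014-10-03 10.0.0.5 http://www.reddit.com/search?q={TOKEN}",
    "2014-10-03 10.0.0.6 http://www.reddit.com/search?q=minecraft+servers",
    "2014-10-03 10.0.0.7 http://www.reddit.com/search?q=0123456789abcdef",
    "2014-10-03 10.0.0.8 http://example.com/search?q=0123456789abcdef",
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

A "suspicious" verdict is worth triage on its own, because the log timestamp and the infected machine's clock or time zone may disagree about the current date.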