Lazy hackers port ancient Linux Trojan to Mac OS X
It's in limited circulation, likely still being tested, say experts
Computerworld - Hackers are testing new Mac malware that they've ported from a nine-year-old Trojan horse originally written for Linux, according to security experts.
The malware, dubbed "Tsunami," has been circulating in limited numbers since last week, said researchers at the Slovakian antivirus firm, ESET Security.
Tsunami first popped up last week, when ESET malware researcher Robert Lipovsky provided some bare-bones information on the Trojan.
"We've seen backdoors [on the Mac] before, but these malware writers are simply reusing existing code instead of writing something new," said Lipovsky in an interview at the time. "It's a lot easier for them."
Lipovsky was referring to the code similarities between the Mac malware and a line of backdoor Trojans that targeted Linux machines as far back as 2002.
"The Linux [malware] is not directly compatible with the Mac OS X platform, but has to be recompiled," said Lipovsky. Unlike the older Linux malware -- also named Tsunami for one of its commands that launches a distributed denial-of-service (DDoS) attack -- the original Mac version was 64-bit.
In most other instances, however, Tsunami on the Mac is strikingly similar to its Linux ancestor, letting attackers issue commands to the infected computer via an IRC (Internet Relay Chat) channel to conduct DDoS attacks, or download additional malware and Trojan updates.
Tsunami for the Mac has been updated, added another ESET researcher, to ensure it launched each time an infected Mac desktop or laptop was booted. The newer version, labeled "Tsunami.A," also used a different IRC channel and server for command-and-control, said ESET's Pierre-Marc Bureau in a follow-up blog post.
Lipovsky was unable to pin down how Tsunami's controllers infected Macs with the Trojan; Bureau also said that ESET wasn't sure what tactic attackers were using to plant the malware on machines.
But the short interval between editions and the limited use of the malware led ESET to believe that Tsunami's creators are still testing the Trojan. "They are [still] probably adapting the code, originally written for Linux, to the OS X platform," said Bureau.
U.K.-based Sophos said its analysis showed Tsunami's makers had also come up with a 32-bit version that would execute on older Macs that rely on the PowerPC processor.
Both ESET and Sophos rated the threat as minor.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.