A botnet has reportedly enslaved 17,000 endpoints and has used a Reddit server as its command and control (C&C) server.
According to a discussion, the Mac.BackDoor.iWorm malware has snared PCs and Macs into the botnet. It is capable of discovering what other software is installed on the machine, opening a port on it, and sending a query to a web server to acquire the addresses of the C&C servers, reported Net Security.
According to research by Dr Web, as of September 29th, 18,519 unique IP addresses were used by infected computers to connect the botnet created by hackers using this backdoor.
The Reddit factor came into play when the backdoor applied the MD5 hash function to the value and sent a query to reddit.com. “The reddit.com search returns a web page containing the list of botnet C&C servers and ports published by criminals in comments to the post minecraft server lists under the account vtnhiaovyd. The server list is retrieved repeatedly at five-minute intervals,” it said.
Security analyst Graham Cluley said in a blog that this is not really Reddit’s fault, as they have done nothing wrong as such, and even if they shut down the accounts that are communicating with the botnet there would be nothing to stop the hackers behind the campaign creating new accounts or using an alternative service to communicate with the compromised computers.
“It’s important to stress that Reddit isn’t spreading the infection – it’s simply providing a platform that is helping the botmasters communicate with the Mac computers they have managed to infect,” he said.
TK Keanini, CTO of Lancope, said: “It was less than ten years ago when you would hear people say they were moving to the Mac because Windows was too insecure. Today, everything is fair game and being actively targeted by the attackers.
“Just look back over the past year, and Windows has taken a back seat in the news to exploitation and vulnerabilities in Linux and OSx. With Linux being the OS of choice for the Internet of Things, my bet is that over the next two to three years, botnets will target Linux and mobile OS’s more since the population numbers are attractive regarding always connected devices.
“Dr Web did a great job here identifying this and publishing the details but remember that once this genie is out of the bottle, it never goes back in. This particular botnet will begin to co-evolve as countermeasures are put in place and they engineering and innovate around them.”