All of the information I've seen about this "worm" comes from a single anti-virus vendor I've never heard of, and the information is painfully thin -- most critically, there is no information at all on how it's spread.<p>This particular headline (which, to be fair, does not come from the linked page) uses the word "exploit", but there is no evidence of what, if any, flaw is being exploited.<p>"Worm" has a rather specific meaning. It's malware that self-propagates through a network. Strictly construed, the only way this can happen is if there is a security flaw being exploited. A looser definition includes things like the infamous "ILOVEYOU" "worm", that automatically distributes itself, but requires user interaction to infect a target.<p>In this case, neither means of distribution is in evidence.<p>At this point, I'm skeptical that this "worm" exists at all.
In Linux, one way I protected my webserver in the past was to just do:<p><pre><code>cd /; sudo git init; sudo git add /etc /{bin,sbin,lib} /usr/{bin,sbin,lib,local} ... ; sudo git commit</code></pre>
git clone / onto another remote server, and I can git diff from time to time to see if anyone or any code has modded my system.<p>One very nice side effect of this system is that I got to know in detail which files were modded and added whenever I did an "apt-get install ...".
Questions for Mac gurus:<p>1. Has anyone done this on a Mac?<p>2. Any pros/cons on why or why not to do this?<p>3. Other than /{bin,sbin,lib}, /etc, and /usr/{bin,sbin,lib}, what other dirs should I add? What's the best way to handle /Applications/ (25GB)?<p>4. What other dirs can a worm or virus hide in on my Mac? Any good dtrace scripts to help monitor who/what is writing to those places?
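The comment above snapshots system directories into a git repository and diffs against it later. The following is an added example, not the commenter's script: it does the same job with a plain manifest of (mode, uid, size, sha256) per file so it needs no git on the host and the manifest can be shipped off-box as JSON. The sample tree under a temporary directory, the file names (`tool`, `old`, `javaw`) and the tampering steps are all constructed for the demonstration.

```python
"""Baseline-and-diff integrity check for a directory tree (added example).

Mirrors the "git init / ; git add ... ; git diff" trick from the thread with a
hash manifest instead of a git repo. Everything here is constructed for the
demo; on a real host you would pass the real directories to build_manifest().
"""
import hashlib
import json
import os
import stat
import tempfile


def _sha256(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(roots):
    """Return {abs_path: attributes} for every regular file and symlink under roots.

    Mode, owner and size are recorded alongside the hash so a setuid bit flip or
    an ownership change is caught even when the file content is unchanged.
    """
    manifest = {}
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                p = os.path.join(dirpath, name)
                st = os.lstat(p)
                if stat.S_ISLNK(st.st_mode):
                    manifest[p] = {"type": "symlink", "target": os.readlink(p)}
                elif stat.S_ISREG(st.st_mode):
                    manifest[p] = {
                        "type": "file",
                        "mode": oct(stat.S_IMODE(st.st_mode)),
                        "uid": st.st_uid,
                        "size": st.st_size,
                        "sha256": _sha256(p),
                    }
    return manifest


def save_manifest(manifest, path):
    """Write the baseline as JSON; keep this copy off the monitored host."""
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as f:
        return json.load(f)


def diff_manifests(old, new):
    """Classify every path as added, removed or modified (any attribute differs)."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a fake bin dir, tamper with it, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        bindir = os.path.join(tmp, "usr", "local", "bin")
        os.makedirs(bindir)
        tool = os.path.join(bindir, "tool")
        old = os.path.join(bindir, "old")
        with open(tool, "w") as f:
            f.write("#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o755)
        with open(old, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")

        # Baseline: build, round-trip through JSON as you would when storing it remotely.
        baseline_path = os.path.join(tmp, "baseline.json")
        save_manifest(build_manifest([bindir]), baseline_path)
        baseline = load_manifest(baseline_path)

        # Tampering: a new binary dropped in, an existing one rewritten with the
        # same size (hash catches it) plus a setuid bit, and one file deleted.
        with open(os.path.join(bindir, "javaw"), "w") as f:
            f.write("#!/bin/sh\necho hi\n")
        with open(tool, "w") as f:
            f.write("#!/bin/sh\necho no\n")
        os.chmod(tool, 0o4755)
        os.remove(old)

        changes = diff_manifests(baseline, build_manifest([bindir]))
        # Report basenames only so the result does not depend on the temp path.
        return {k: [os.path.basename(p) for p in v] for k, v in changes.items()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

As with the git variant, the baseline is only trustworthy if the attacker cannot rewrite it: keep the JSON (or the clone) on another machine and run the comparison from there, and remember that a root-level compromise can also lie to `os.walk` and `open`, so this catches sloppy modifications, not a kernel-level rootkit.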
Alright, now how does this spread? How would I get this piece of malware onto my computer? Do I need to browse the web? Do I need to install a piece of software that is vulnerable?<p>That's what I care about, how can I protect myself against this, and saying "Buy Anti Virus software" is NOT the right answer.<p>All I see so far from other reports is that you would have had to install software, bypass the signing requirement and that software had to come from a less than legitimate location to carry with it the malware ...
The reported signature goes back to a backdoor found in 2009: <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2009-012620-2836-99" rel="nofollow">http://www.symantec.com/security_response/writeup.jsp?docid=...</a><p>Looks like you have to install an unsigned app plus give it admin permissions, so not a worm.
<a href="http://appleinsider.com/articles/14/10/03/iworm-malware-controls-macs-via-reddit-more-than-17k-affected" rel="nofollow">http://appleinsider.com/articles/14/10/03/iworm-malware-cont...</a><p>Because iWorm extracts into a folder on OS X, users can check if their Mac is infected by navigating to "Go > Go to Folder" from the OS X Finder menu and typing in /Library/Application Support/JavaW. If OS X cannot find the folder, the computer is clear. If the folder is found, however, users are urged to employ an anti-virus program to wipe iWorm from their hard drive.
I would really love to submit this encryption method to the PCI auditors.... "uses encryption extensively".<p>Edit: seriously? The first example is a shift cipher and a one time pad of all 'M'.
Guys, this is such obvious scare propaganda to sell you their anti-virus software (which I would be more scared about installing).<p>Basically their pitch is: Be afraid, be afraid, there is this malware we have no idea how it gets to your computer, but we have it and have analyzed what it does. And did you know that if you had our antivirus program you would be completely safe.<p>And as it turns out it's just another trojan horse that has to be installed by the user to work.<p><a href="http://www.thesafemac.com/iworm-method-of-infection-found/" rel="nofollow">http://www.thesafemac.com/iworm-method-of-infection-found/</a>
More information here:
<a href="http://www.thesafemac.com/dr-web-announces-new-iworm-malware/" rel="nofollow">http://www.thesafemac.com/dr-web-announces-new-iworm-malware...</a>
The reddit thread [1] explains that the worm was posting information on /r/minecraftserverlists, presumably as a way to easily, anonymously, and publicly store and retrieve information.<p>Just last week in the thread on the twitter image bots [2] someone postulated:<p>>I wonder if you could build some kind of distributed neural net on top of twitter or another social network. Find some way to get nodes with very little computation power hidden within a free app, webpage, screensaver or something[1], and use twitter as a communications channel instead of IRC or whatever.<p>...<p>> Or a botnet, if you're feeling evil.<p>[1]<a href="http://www.reddit.com/r/news/comments/2i6rte/hackers_have_found_a_flaw_in_macs_and_are_using/ckzdvf4" rel="nofollow">http://www.reddit.com/r/news/comments/2i6rte/hackers_have_fo...</a><p>[2]<a href="https://news.ycombinator.com/item?id=8377985" rel="nofollow">https://news.ycombinator.com/item?id=8377985</a>