What is iWorm and what happens to infected Macs

What is iWorm and what does it do?

MacBook Pro

Posted on Oct 3, 2014 11:45 AM


Oct 3, 2014 6:01 PM in response to Kurt Lang

Kurt Lang wrote:


It's a Trojan. Meaning, you have to download and install it in some way.

Kurt,


Where are you hearing this? There are at least a half-dozen of us with our ears to the ground to determine the attack vector and all sources claim it to be undetermined. A couple of rumors it might be Java or Shellshock related, but no proof. Some testing is ongoing with currently available samples to figure out how certain files are being installed without an admin password, but even those have been inconsistent. Worst case would be a drive-by infection without a requirement to voluntarily download.

Oct 4, 2014 7:45 AM in response to MadMacs0

Old and incorrect news. I was relaying info from another post, which you later entered and said, "No, this is something different." Please ignore my comment above. It very likely has no relation to the current Trojan.


Thomas Reed discovered where it's coming from, via a tip someone emailed him. Surprise, surprise, the Trojan is part of illegal software downloads from Pirate Bay and other such sources.

Oct 4, 2014 9:13 AM in response to Kurt Lang

Kurt Lang wrote:


Thomas Reed discovered where it's coming from, via a tip someone emailed him. Surprise, surprise, the Trojan is part of illegal software downloads from Pirate Bay and other such sources.

Yes, he e-mailed me early this morning that he had it and our "victim's" first thought was that he got it from a torrent, so that looks to confirm it. Still a few details to work out on what appear to be optional file installations, but that should be enough to get the wheels turning at Apple and other A-V shops.

Oct 4, 2014 10:54 AM in response to MadMacs0

Since there seems to be very little information out there about this, here's my experience for what it's worth-


I noticed that I got the virus early yesterday morning. I don't use torrents, download very limited things (such as my own files off Dropbox or Google Drive, Facebook album photos, Bandcamp albums), and only install official software and updates. I don't download pirated content.


My activities when the infection became apparent were using Chrome and Firefox for Google Drive/Docs, Gmail, Imgur, Dailymotion, The New Yorker, Reddit, and reading some blogs (variously hosted).


Virus' activities involved opening Stickies and Filezilla (downloaded 5+ years ago for work and not used since then).


I've scanned my hard drive and searched for the JavaW as the Dr Web link suggested, but have not found anything.
