Cupertino updates Macs with new malware definitions

Oct 6, 2014 09:47 GMT

Late as always, Apple has responded to the Mac.BackDoor.iWorm threat unearthed by Dr. Web last week by sending an XProtect update to users worldwide, thus updating their systems’ malware definitions.

Last week, it was reported that there were more than 17,000 unique IP addresses associated with Macs infected with the malware in question.

A word about Mac.BackDoor.iWorm

Dr. Web revealed in a lengthy analysis last week that “When Mac.BackDoor.iWorm is initially launched, it saves its configuration data in a separate file and tries to read the contents of the /Library directory to determine which of the installed applications the malware won't be interacting with.”

The security company explained how the malware worked its magic, saying, “If ‘unwanted’ directories can't be found, the bot uses system queries to determine the home directory of the Mac OS X account under which it is running, checks the availability of its configuration file in the directory, and writes the data needed for it to continue to operate into the file.”

Finally, the malware opens a port, connects to remote servers, and awaits instructions from its creators. So what is Apple doing about it? Well, in typical fashion, a few days after the malware made the news, they updated the XProtect anti-malware mechanism on every Mac.

Not an update that you download

Apple’s update is not some DMG image that you download from the company’s support site and then install. Instead, the company just sends this small packet of information to your Mac without asking you.

It comes in the form of a few code strings that update the XProtect malware definitions inside your Mac. You don’t need to give your permission for that, and frankly, it’s for your own good.

What about Shellshock?

Don’t mistake this piece of malware for the Bash UNIX flaw that was also reported last week. That’s something different altogether, and for that one there is a downloadable update for your Mac that you’ll need to install.

According to the Cupertino company, because of an issue that existed in Bash's parsing of environment variables, “In certain configurations, a remote attacker may be able to execute arbitrary shell commands.”

Some researchers say Apple could have done more, arguing that the OS X Bash Update doesn’t fully protect users against hacking. However, there are no reported cases of anyone having their data compromised by means of exploiting this vulnerability. You can download OS X Bash Update 1.0 right now from Softpedia.