An improved version of an old OS X malware hits the internet

Oct 26, 2011 06:44 GMT  ·  By

A new piece of Mac OS X malware, derived from the 2002 backdoor known as Linux/Tsunami, has been discovered. Detected by ESET as OSX/Tsunami.A, it opens an IRC-controlled backdoor that turns the victim device into a bot for DDoS attacks and much more.

The researchers at ESET analyzed the sample and found that it contains a list of hardcoded IRC servers and channels to which the malware tries to connect. Once connected, the bot accepts numerous commands from the channel, including requests to kill the knight and stop all current packeting, download a file from the web, launch SYN and UDP floods, and change the spoofing to a subnet.

It can also send and execute commands, while the ENABLE and DISABLE controls let the operator switch packeting from the bot on and off.

These instructions allow a cybercriminal not only to execute Distributed Denial of Service (DDoS) attacks but also to download additional malicious components and updates to Tsunami's code.

The ability to execute arbitrary commands practically gives the operator full control over the infected device.

The largest difference between the new and the old variant is that the latest version is a 64-bit Mach-O binary, unlike the previous one, which was an ELF binary. From a functionality perspective, it is basically the same as the one discovered back in 2002, with only minor changes.
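The two concrete artefacts the article names, a hardcoded list of IRC servers and channels and the move from an ELF to a 64-bit Mach-O binary, are what an analyst would triage first when a similar sample lands in the lab. The following Python script is an added example, not ESET's code and not anything from the original article: it classifies a blob by its magic bytes (ELF, 32/64-bit Mach-O, or universal Mach-O) and pulls out embedded strings that look like IRC hostnames or channel names. The sample byte strings, the hostname `irc.example.test` and the channel `#botchan` are constructed for the demonstration; the regular expressions are coarse triage heuristics, not detection signatures for OSX/Tsunami.A.

```python
import re
import struct

# Magic values of the two container formats mentioned in the article.
MACHO_MAGIC_64 = 0xFEEDFACF    # stored little-endian on disk: cf fa ed fe
MACHO_MAGIC_32 = 0xFEEDFACE    # stored little-endian on disk: ce fa ed fe
MACHO_FAT_MAGIC = 0xCAFEBABE   # universal (fat) binary, big-endian on disk
ELF_MAGIC = b"\x7fELF"         # byte 4 (EI_CLASS) is 1 for 32-bit, 2 for 64-bit

# Printable ASCII runs of 4+ bytes, the usual "strings"-style extraction.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")
# Coarse heuristics: hostnames starting with "irc." and "#channel" tokens.
IRC_HOST_RE = re.compile(r"^irc\.[a-z0-9.-]+\.[a-z]{2,}$", re.I)
CHANNEL_RE = re.compile(r"^#[A-Za-z0-9_-]{2,}$")


def classify_binary(data: bytes) -> str:
    """Return a coarse file-type label based on the leading magic bytes."""
    if len(data) < 5:
        return "unknown"
    if data[:4] == ELF_MAGIC:
        return "ELF64" if data[4] == 2 else "ELF32"
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == MACHO_MAGIC_64:
        return "Mach-O 64-bit"
    if magic_le == MACHO_MAGIC_32:
        return "Mach-O 32-bit"
    # Note: Java class files share this magic; a real tool would also
    # sanity-check the architecture count that follows it.
    if struct.unpack(">I", data[:4])[0] == MACHO_FAT_MAGIC:
        return "Mach-O universal"
    return "unknown"


def extract_irc_indicators(data: bytes) -> dict:
    """Collect embedded strings that look like IRC servers or channels."""
    hosts, channels = [], []
    for match in STRING_RE.finditer(data):
        text = match.group().decode("ascii")
        if IRC_HOST_RE.match(text):
            hosts.append(text)
        elif CHANNEL_RE.match(text):
            channels.append(text)
    return {"hosts": hosts, "channels": channels}


def triage(data: bytes) -> dict:
    """Combine the file-type check with the IRC string heuristics."""
    report = {"type": classify_binary(data)}
    report.update(extract_irc_indicators(data))
    return report


# Constructed sample: a fake 64-bit Mach-O header followed by a few
# NUL-terminated strings, standing in for a Tsunami-style hardcoded list.
SAMPLE_MACHO = (
    b"\xcf\xfa\xed\xfe" + b"\x07\x00\x00\x01"   # magic + made-up cputype
    + b"\x00" * 24                               # rest of the header, zeroed
    + b"irc.example.test\x00#botchan\x00PING\x00/bin/sh\x00"
)
# Constructed sample: a fake ELF64 header carrying the same strings.
SAMPLE_ELF = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"irc.example.test\x00#botchan\x00"
)

if __name__ == "__main__":
    for name, blob in (("macho", SAMPLE_MACHO), ("elf", SAMPLE_ELF)):
        print(name, triage(blob))
```

Run it against a real file with `triage(open(path, "rb").read())`; the type label tells you at a glance whether you are looking at the Mach-O variant or the older ELF one, and the extracted hostnames and channels are what you would feed into DNS and proxy logs to look for other hosts reaching the same C2.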

Malware that targets OS X is rare, but highly effective at doing damage when it does appear. Fortunately, because there are far fewer samples than on Windows, security researchers can keep a close eye on them to make sure things don't get out of hand.

Most Mac enthusiasts probably don't fear viruses as much as Microsoft product owners do, but that doesn't mean they shouldn't install some form of security software, just to make sure they're properly protected.