Tsunami, a new backdoor for Mac OS X
Posted on 26.10.2011
Malware authors have taken an old piece of malware developed for Linux and have modified it to attack the Mac OS X platform, warns ESET.

The OS X malware has been named Tsunami after the original, and the name hints at its main function: roping the targeted computer into a botnet for executing Distributed Denial of Service attacks.

Tsunami is controlled through IRC, and it contains a hardcoded list of IRC servers and channels to which it tries to connect once it's entrenched on the victim's computer.

As one can read from the list of commands that can be sent from the C&C server to the client program, the malware allows many other things:

What should worry users the most is that once Tsunami is installed on their computers, it can download further files (other malware or an update to its own functionality) and execute shell commands.

It is still unknown what attack vector is used to land this particular piece of malware on the targeted machines, but it is safe to say that users should definitely decline any overt offers of making their computers part of a botnet, be extremely careful about unsolicited emails carrying attachments or embedded links, and keep their AV solutions up to date.

