New Mac OS X botnet discovered (drweb.com)
19 points by Deinos on Oct 3, 2014 | hide | past | favorite | 9 comments



To see if you haven't got it:

In terminal run:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get this error:

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Then run:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should get this error:

The domain/default pair of (/Users/YOURUSER/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you do, you are clean of this variant!

If this doesn't happen go to http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb... to fix it


That is for the Flashback trojan, but this is a new trojan, according to the post.


It's hard to believe; the claim is that it uses Reddit's search functionality to find connection addresses. I've never been able to find anything using Reddit's search.


Many independent reports of this, but I haven't seen any instructions for detecting or fixing it.

http://www.tuaw.com/2014/10/03/thousands-of-macs-infected-wi...


At least for detection (from the article): "During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically."
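The two indicators quoted above (the JavaW directory and a plist that launches the backdoor automatically) can be checked with a short script. The following is an added example written for this thread, not code from the Dr.Web write-up or from any commenter. The plist directories it searches (/Library/LaunchDaemons, /Library/LaunchAgents and each user's ~/Library/LaunchAgents) are the standard launchd locations and are an assumption here; the post does not say where the dropper writes its plist. The function takes an optional root directory so it can be run against a copied or mounted filesystem instead of the live one.

```sh
#!/bin/sh
# Added example (not from the Dr.Web write-up or the thread): look for the two
# indicators quoted above -- the /Library/Application Support/JavaW directory
# and a launchd plist that starts something from it. The plist directories
# searched are an assumption (standard launchd locations); the original post
# does not say where the dropper writes its plist.
#
# Usage: iworm_check [ROOT]   ROOT defaults to /; pass a mounted volume instead.
# Exit status: 0 = no indicators found, 1 = at least one indicator found.

iworm_check() {
    root="${1:-/}"
    root="${root%/}"            # strip trailing slash so paths join cleanly
    found=0

    # Indicator 1: the directory the dropper extracts into.
    javaw="$root/Library/Application Support/JavaW"
    if [ -e "$javaw" ]; then
        echo "FOUND: $javaw exists"
        found=1
    fi

    # Indicator 2: a launchd job referencing that directory (assumed locations).
    # Both XML and binary plists store an ASCII path as plain bytes, so a
    # fixed-string grep works for either format.
    for dir in "$root/Library/LaunchDaemons" "$root/Library/LaunchAgents" \
               "$root"/Users/*/Library/LaunchAgents; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            if grep -q 'Application Support/JavaW' "$plist" 2>/dev/null; then
                echo "FOUND: $plist references JavaW"
                found=1
            fi
        done
    done

    if [ "$found" -eq 0 ]; then
        echo "No iWorm indicators under ${root:-/}"
    fi
    return "$found"
}

# Check the live system (or the tree named in IWORM_ROOT, if set).
iworm_check "${IWORM_ROOT:-/}"
```

A hit on either indicator only says the machine is worth a closer look; the absence of both does not prove anything about other variants or about a dropper that picks a different directory.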


Hmm. I've never heard of drweb.com before, and there are no instructions on how to detect the worm, but they want to sell me anti-virus software.

This might be legit, but I'll wait and see if this appears anywhere else before I trust it as being valid.


Yes, I was a little suspicious myself, although looking at their Wikipedia page it does seem to be a genuine company.

https://en.wikipedia.org/wiki/Dr._Web

Also, more info here seems to support the fact that they are the real deal:

https://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback

(as usual with Wikipedia, you should check the original sources to verify).


Has there ever been a company that covertly creates a virus and releases it into the wild, and then "catches" it and sells an anti-virus remedy?


I've never even heard of drweb. I don't see any other security companies reporting on this.




