Old 10-03-2014, 02:00 PM   #1
cowmoo32
drunken science
Join Date: Jul 2003
Location: Raleigh, NC
Posts: 5,533
My Ride: Trek 1.5
Mac Virus Found Controlling 17k Computers as Botnet

http://news.drweb.com/show/?i=5976&lng=en

Quote:
New Mac OS X botnet discovered

September 29, 2014

In September 2014, Doctor Web's security experts researched several new threats to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical analysis indicates that there are more than 17,000 unique IP addresses associated with infected Macs.

Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically.

When Mac.BackDoor.iWorm is initially launched, it saves its configuration data in a separate file and tries to read the contents of the /Library directory to determine which of the installed applications the malware won't be interacting with. If ‘unwanted’ directories can't be found, the bot uses system queries to determine the home directory of the Mac OS X account under which it is running, checks the availability of its configuration file in the directory, and writes the data needed for it to continue to operate into the file. Then Mac.BackDoor.iWorm opens a port on an infected computer and awaits an incoming connection. It sends a request to a remote site to acquire a list of control servers, and then connects to the remote servers and waits for instructions. It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.


The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to reddit.com in five-minute intervals.

While establishing a connection to the server whose address is picked from the list using a special routine, the backdoor attempts to determine whether the server address is on the exceptions list and engages in a data exchange with the server to employ special routines for authenticating the remote host. If successful, the backdoor sends the server information about the open port on the infected machine and its unique ID and awaits directives.

Mac.BackDoor.iWorm is able to perform two types of commands: different directives depending on the binary data provided and Lua scripts. Basic backdoor commands for Lua scripts can be used to perform the following actions:

Get the OS type.
Get the bot version.
Get the bot UID.
Get a value from the configuration file.
Set a parameter value in the configuration file.
Remove all parameters from the configuration file.
Get bot uptime.
Send a GET query.
Download a file.
Open a socket for an inbound connection and then execute the commands received.
Execute a system instruction.
Sleep.
Ban a node by IP.
Clear the list of banned nodes.
Get the node list.
Get a node IP.
Get node type.
Get node port.
Execute a nested Lua-script.

Information collected by Doctor Web's researchers shows that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet created by hackers using Mac.BackDoor.iWorm. Most of them—4,610 (representing 26.1% of the total)—reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total). The late September 2014 geographical distribution of the botnet created with Mac.BackDoor.iWorm is shown in the following illustration:
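The C&C discovery scheme in the quoted write-up (a daily search token made from the first 8 bytes of the MD5 of the current date, queried on reddit.com every five minutes) gives defenders a network-side signal. The following is an added example, not code from Dr. Web or from this thread: it computes the day's candidate tokens and scans constructed proxy-log lines for reddit searches that carry such a token or that repeat on a five-minute cadence. The date serialisation formats, the reddit search URL shape and the log line format are assumptions, since the write-up does not state them.

```python
import hashlib
import re
from datetime import date
from urllib.parse import parse_qs, urlparse

# Assumption: the write-up does not give the date format the bot hashes, so try several.
CANDIDATE_DATE_FORMATS = ("%Y-%m-%d", "%d.%m.%Y", "%m/%d/%Y", "%Y%m%d")
HEX16 = re.compile(r"^[0-9a-f]{16}$")  # first 8 bytes of an MD5 = 16 hex digits

def daily_search_tokens(day, fmts=CANDIDATE_DATE_FORMATS):
    """Hex of the first 8 bytes of MD5(date string), one token per candidate format."""
    return {hashlib.md5(day.strftime(f).encode()).hexdigest()[:16] for f in fmts}

def classify_request(url, day):
    """'match' = today's token searched on reddit.com; 'suspicious' = any bare
    16-hex-digit reddit search; 'clean' otherwise. The URL shape is an assumption."""
    u = urlparse(url)
    if not u.netloc.endswith("reddit.com") or "search" not in u.path:
        return "clean"
    q = parse_qs(u.query).get("q", [""])[0].lower()
    if q in daily_search_tokens(day):
        return "match"
    return "suspicious" if HEX16.match(q) else "clean"

def scan_log(lines, day, beacon_secs=300, tolerance=30):
    """Return (hits, clients whose flagged searches repeat ~every beacon_secs)."""
    hits, stamps = [], {}
    for line in lines:  # constructed line format: "<epoch> <client> <method> <url>"
        ts, client, _method, url = line.split()
        verdict = classify_request(url, day)
        if verdict != "clean":
            hits.append((client, verdict, url))
            stamps.setdefault(client, []).append(int(ts))
    beaconing = set()
    for client, times in stamps.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if gaps and all(abs(g - beacon_secs) <= tolerance for g in gaps):
            beaconing.add(client)  # five-minute polling cadence from the write-up
    return hits, beaconing

DAY = date(2014, 9, 26)                      # date cited in the write-up
TOKEN = sorted(daily_search_tokens(DAY))[0]  # one candidate token for that day
SAMPLE_LOG = [                               # constructed proxy log, not real traffic
    f"1411700000 10.0.0.5 GET https://www.reddit.com/search?q={TOKEN}",
    f"1411700300 10.0.0.5 GET https://www.reddit.com/search?q={TOKEN}",
    f"1411700600 10.0.0.5 GET https://www.reddit.com/search?q={TOKEN}",
    "1411700010 10.0.0.7 GET https://www.reddit.com/search?q=minecraft+server",
    "1411700020 10.0.0.9 GET https://www.reddit.com/search?q=0123456789abcdef",
    "1411700030 10.0.0.9 GET https://example.com/index.html",
]
```

Because the real date format is unknown, the 16-hex-digit shape check and the five-minute cadence are the more dependable indicators; the exact-token match is a bonus when one of the assumed formats happens to be right.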
Old 10-03-2014, 02:01 PM   #2
casino is no lie
Registered User
 
Join Date: Jan 2012
Location: CDT
Posts: 76
My Ride: M54B30
I was looking for an excuse to throw out my laptop and buy a new one. Thanks.