Tsunami, a new backdoor for Mac OS X
Malware authors have taken an old piece of malware developed for Linux and have modified it to attack the Mac OS X platform, warns ESET.
The OS X malware has been named Tsunami after the original, and the name hints at its main function: roping the targeted computer into a botnet for executing Distributed Denial of Service attacks.
Tsunami is controlled through IRC, and it contains a hardcoded list of IRC servers and channels to which it tries to connect one its entrenched on the victim’s computer.
As one can read from the list of commands that can be sent from the C&C server to the client program, the malware allows many other things:
What should worry users the most is that once Tsunami is installed on their computers, it can download further files (other malware or an update of its functionalities) and execute shell commands.
It is still unknown what attack vector is used to land this particular piece of malware on the targeted machines, but it is safe to say that users should definitely decline any overt offers of making their computers part of a botnet, be extremely careful about unsolicited emails carrying attachments or embedded links, and keep their AV solutions up to date.