Reanimated Linux Trojan haunts Mac OS X
Mac users need to be careful of what they're installing on their computers following the discovery of a new Trojan making its rounds. Security firms ESET and Sophos both say the malware is actually a port of a Linux "backdoor Trojan" that has been around for nearly a decade.
"In terms of functionality, the Mac variant of the backdoor is similar to its older Linux brother, with only the IRC server, channel and password changed," ESET malware researcher Robert Lipovsky says.
Backdoor Trojans are slightly different from your standard Trojan horse. While a standard Trojan just piggybacks on apparently legitimate software to infect a computer, a backdoor Trojan also opens up a security hole through which additional malware and instructions can be sent to the infected computer.
Referred to as "OSX/Tsunami-A" by Sophos, the Trojan connects to a preset list of IRC servers and channels to look for commands. Through those commands, the hacker could launch denial-of-service attacks and even attempt to access files on your computer.
It is not immediately clear what vulnerability OSX/Tsunami-A may be exploiting to allow the backdoor to open, if any.
The year 2011 has been a landmark year for Mac malware. May brought what is arguably the most successful Mac-based malware outbreak to date in Mac Defender, and there is a definite increase in the amount of Mac malware in the wild, according to security researchers.
"We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future," Sophos senior technology consultant Graham Cluley says. "If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying."
Both ESET's Cybersecurity for Mac and Sophos' antivirus platform will detect the Trojan.