Lazy to Hack: Is iWorm a Wake-Up Call for Mac Security?

09 October 2014

Is iWorm a Wake-Up Call for Mac Security?

With various publications reporting tens of thousands of users affected around the world by iWorm, does your organization have a good Mac security plan? When iWorm has infected a Mac computer, the malware makes a connection with a command and control (C & C) server out on the Internet. This connection with the C & C server can then be used to achieve a large range of tasks, including the theft of personal or corporate data, installing other malicious software applications, making configuration changes and more. iWorm even showed some interesting creativity by using a forum on the popular Reddit web site to communicate with its command and control network.

Maybe your Mac or organization weren’t affected, but it’s a good reminder of the fact that Macs aren’t immune to malware. In fact, over the past couple of years, our researchers have shown that Macs are increasingly seen as viable targets not only for targeted attacks, but even in the recent Shellshock situation. Here are some examples:

Shellshock: attacks targeting Macs: http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-vulnerability-downloads-kaiten-source-code/
Targeted attacks also targeting Macs: http://blog.trendmicro.com/trendlabs-security-intelligence/tibetan-themed-campaign-pushes-hybridized-malware/
Flashback Mac malware: http://blog.trendmicro.com/trendlabs-security-intelligence/osx_flashbck-a-backlash-to-apples-popularity/
Mac threats generally: http://blog.trendmicro.com/trendlabs-security-intelligence/category/mac/

Final thoughts on iWorm: anti-malware protection such as Trend Micro’s Security for Mac is important to have installed on all your MacOS systems, not only to block Windows malware from being spread or forwarded to Windows users, but also to block the MacOS malware that comes up from time to time. In fact, Trend Micro Security for Mac is integrated with OfficeScan and is part of the Smart Protection suites, providing the enterprise with an integrated view of malware incidents across Windows, mobile and Mac platforms.

= Disclaimer =

The author is not responsible for the actions, content or accuracy of the opinions expressed in Lazy2Hack, nor for privacy policies, products or services or for any damages or losses, directly or indirectly, caused or alleged to have been caused as a result of your use or reliance on such information. The views, conclusions, findings and opinions of the author are solely those of the author and do not necessarily reflect the views of the government of the author's local precinct or any other organization which the author may represent.

This website/blog includes links to other sites operated by third parties. These links are provided as a convenience to you and as an additional avenue of access to the information contained therein. The author has not reviewed all of the information on other sites and are not responsible for the content of any other sites or any products or services that may be offered through other sites. The inclusion of these links in no way indicates their endorsement, support or approval of the contents of this site or the policies or positions of Lazy2Hack.

The author reserves the right to edit, remove or deny access to content that is determined to be, in his sole discretion, unacceptable.

Lazy to Hack

::Trend Micro Threat Resource Center::

09 October 2014

Is iWorm a Wake-Up Call for Mac Security?

= Why =

:: Twitter Feed ::

= Latest Virus Alerts =

= Safe Web Browsing Tips =

= Daily Reads =

= On the go =

= Archives =

Labels

= Disclaimer =