Tsunami backdoor trojan ported from Linux to take control of Macs too

The Linux-based Tsunami backdoor trojan has made its way over to the Mac, according to security firm ESET. The company posted to its blog (hat tip to Macworld) that a Mac-specific variant, OSX/Tsunami.A has made an appearance on the trojan scene, though ESET made no mention of whether it was gaining any traction among users.

ESET's Robert Lipovsky wrote on Wednesday that the code for OSX/Tsunami.A was ported from the Linux version of the trojan that the company has been tracking since 2002. Hard-coded is a list of IRC servers and channels, which the trojan tries to connect to in order to listen for malicious commands sent from those channels.

Lipovsky published a list of the commands pulled from the Linux variant of Tsunami, but the general gist is that the trojan can open a backdoor to perform DDoS attacks, download files, or execute shell commands. Tsunami has "the ability to essentially take control of the affected machine."

Security firm Sophos also acknowledged the appearance of the Mac-targeted Tsunami backdoor, but reminded users that there is still "far less malware existence for Mac OS X than for Windows." Still, the company says the problem is real and that users should protect themselves with anti-malware software. "We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future," Sophos' Graham Cluley wrote. "If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying."

http://arstechnica.com/apple/news/2011/10/tsunami-backdoor-trojan-ported-from-linux-to-take-control-of-macs-too.ars

with regards to AV software. :P

I use Ubuntu on one of my laptops, and always assume I'm at less "viral risk" when using it...

(Though OS X is based on Linux, yes?)

close but not the same animal.

It's my understanding that the lead programmer for FreeBSD went to work for Apple to develop OSX. NetBSD is strictly Open Source.

It's a full rootkit. It's primary role is to set up DDOS zombies, but is capable of accessing the filesystem, can run other commands on the machine, and can potentially run with full user priv's.

Security researchers have been saying for many years that Linux and Mac's aren't inherently any more secure than modern Windows PC's, but that they simply don't get the same black hat attention as Windows because they're such relatively small markets. That may have been the case 10 years ago when Mac's were 3% of the market and Linux desktops were 1%, but those platforms are getting more attention from botnet and malware authors now that their marketshare has grown.

Things are only going to get worse. My own linux PC's are all virus protected at this point, as is my Mac Mini.

Saying that "I don't need antivirus because I run Linux or Mac" is like saying "I don't need to wear a condom because I only sleep with nuns, and everyone knows that nuns don't have STD's." That's true when you're the only one sleeping with the nuns, but what if everyone on the block starts doing it?

I have a PowerPC IBook that had a real nasty backdoor on it when I acquired it. Even reinstalling the OX didn't remove it. Finally, I installed NetBSD, then reinstalled OSX. That took care of it.

:sarcasm:

That made it much easier to port Windows based Binaries to OSX.

NO OS is invulnerable. It's easier to attack a Mac or Linux based machine than you think.

Someone went to a lot of trouble for nothing.......

latest stats, not even a blip on the radar, and since most Apple owners are too busy taking photos of themselves to put up on Facebook instead of worrying about security, they get taken advantage of.....

:evilgrin: :sarcasm:

wake me up when the flailing fear-flingers fade...

nt.

:hide: