First things first… iWorm is not a worm at all, but actually your plain old, garden variety Trojan. This is important because, whereas worms are self-replicating and can infect innocent bystanders, a Trojan requires that the victim voluntarily install the malware.
And, we know this because someone figured out where iWorm comes from and how it infects users:
The Mac worm is not a worm at all, but rather a classic trojan — a program which tricks you into installing malware, usually bundled with legitimate software. You can read about “iWorm” here: http://news.drweb.com/show/?i=5977. Please pay no attention to utter hysteria and FUD from news outlets sensationalizing this story without any investigation.
I’ve located the dropper in torrents by this user https://thepiratebay.se/user/aceprog/, who offers bootleg copies of Adobe Photoshop, Illustrator, Microsoft Office and Parallels Desktop for OS X. There may be other sources and variants of this malware as well.
For what it’s worth, commenters claim that the malware traces back to the Demonoid torrent tracker, so beware because there could be multiple sources of illegal software and media spreading iWorm.
Again, iWorm is not a worm at all, but rather a Trojan. Moreover, this appears to be a variant of the iWorm trojan that circulated back in 2009. The more things change…
iWorm: Are You Infected?
As Trojans go, iWorm seems to be fairly unsophisticated, as it has relied on command and control server lists stored in plain sight on Reddit and creates easily visible folders and files on victims’ Macs.
That said, the C&C server lists have been moved and Reddit was never an infection vector, just a convenient place to store the lists.
So how do you tell whether your Mac is infected? It’s simple enough to find out.
In Finder, under the GO menu, select “Go to Folder,” copy/paste the following string and then hit Return:
/Library/Application Support/JavaW
If you just get a beep and the window displays “folder can’t be found,” then you are okay.
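The same check can be run from Terminal. This is an added example, not part of the original article: it tests only the one folder path given above, and the optional volume-prefix argument (for looking inside a mounted backup or disk image) is an assumption of this example.

```shell
#!/bin/sh
# Added example: Terminal equivalent of the Finder "Go to Folder" check.
# The only indicator used is the folder path named in the article.
IOC_DIR="/Library/Application Support/JavaW"

# check_javaw [ROOT]
#   ROOT is an optional volume prefix (assumption of this example), e.g. the
#   mount point of a backup disk. Empty or "/" means the running system.
#   Returns 0 if the folder is absent, 1 if it is present,
#   and 2 if ROOT itself is not a directory.
check_javaw() {
    root="${1:-}"
    root="${root%/}"                 # "/Volumes/X/" and "/" both normalise
    target="${root}${IOC_DIR}"

    if [ -n "$root" ] && [ ! -d "$root" ]; then
        echo "SKIP    $root is not a directory" >&2
        return 2
    fi

    # Test -e and -L as well as a plain directory, so the name is flagged
    # even if it turns out to be a file or a (possibly broken) symlink.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "FOUND   $target"
        # Show contents and timestamps for triage; nothing is deleted here.
        ls -la "$target" 2>/dev/null || true
        return 1
    fi

    echo "ABSENT  $target"
    return 0
}

# Check the running system, or the volume given as the first argument.
check_javaw "${1:-}" || true
```

An ABSENT line corresponds to Finder's “folder can’t be found” message; a FOUND line corresponds to Finder opening the folder.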
As iWorm is just a reheat of an existing trojan, you should be able to remove it with free tools like AntiVirus for Mac and ClamXav.
Ya know, if you’re going to steal software, at least have the smarts to check it for malware…
What’s your take?