Wednesday, 5 November 2014


Apple Security Check Can't Find iWorm Even After The Update

iWorm, malware discovered in late September that infected thousands of computers, still appears to be undetectable by Apple's security technologies for Mac OS X, even after the update.

Apple released an update to its XProtect antivirus program in order to detect iWorm. But iWorm still appears to go undetected, because the program only checks for iWorm when iWorm's installer is launched, which is a one-time operation, as reported by Patrick Wardle, director of research with Synack. He published his findings in a paper.

What is iWorm?


iWorm, which is a backdoor that can steal data from a computer, infected more than 18,000 machines, according to security company Dr. Web. It does not exploit any vulnerabilities in Mac OS X but instead relies on tricking people into installing it.

How Did iWorm Spread?

iWorm spread via the popular torrent search engine The Pirate Bay. It was bundled with pirated versions of Adobe Systems' Photoshop and Illustrator applications, Parallels Desktop and Microsoft Office for Mac, which were available to download for free (with a crack included).

GateKeeper

Wardle said in a statement that GateKeeper, another Apple security technology, was also unable to find the malware. GateKeeper is a piece of software that checks the signature of a recently downloaded file to see whether it originates from the Apple Play store or carries an approved company's certificate. If it does not, GateKeeper warns the user, but users can still ignore the warning and run the file anyway.



Some applications, such as Safari, Google Chrome and Firefox, flag the files they download so that GateKeeper checks them. The problem is that a torrent client such as uTorrent or BitTorrent does not have this feature, so a file downloaded through it is never flagged and GateKeeper never checks it. This is why bundling iWorm with torrent downloads was an effective move for the attackers.
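
The flagging gap described above can be audited from the defender's side. The following is an added example, not code from Wardle's paper or from Apple: it assumes the flag is the macOS `com.apple.quarantine` extended attribute read with the `xattr` tool, and the helper names and sample values are constructed for illustration.

```python
import subprocess
import sys
from pathlib import Path

QUARANTINE_ATTR = "com.apple.quarantine"  # assumed: the flag set by quarantine-aware apps

def read_quarantine(path):
    """Return the raw attribute value, or None when the file carries no flag."""
    try:
        out = subprocess.run(["xattr", "-p", QUARANTINE_ATTR, str(path)],
                             capture_output=True, text=True)
    except FileNotFoundError:  # `xattr` tool not present (not macOS)
        return None
    return out.stdout.strip() if out.returncode == 0 else None

def parse_quarantine(value):
    """Split 'flags;timestamp;agent;uuid' (flags and timestamp are hex)."""
    parts = value.split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {"flags": int(parts[0], 16), "timestamp": int(parts[1], 16),
            "agent": parts[2]}

def audit(items):
    """items: iterable of (path, raw_value_or_None) -> (flagged, unflagged)."""
    flagged, unflagged = [], []
    for path, raw in items:
        if raw is None:
            unflagged.append(path)  # never flagged, so never checked on first launch
        else:
            flagged.append((path, parse_quarantine(raw)["agent"]))
    return flagged, unflagged

# Constructed sample values, not taken from a real machine.
SAMPLE = [
    ("downloaded_app.dmg", None),  # saved by a client that sets no flag
    ("report.pdf", "0083;5459c2a0;Safari;11111111-2222-3333-4444-555555555555"),
    ("tool.zip", "0081;5459c3b1;Google Chrome;"),
]

if __name__ == "__main__":
    # With a directory argument, audit real files; otherwise use the sample.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    items = ([(str(p), read_quarantine(p)) for p in target.iterdir()]
             if target else SAMPLE)
    flagged, unflagged = audit(items)
    for path, agent in flagged:
        print(f"flagged by {agent}: {path}")
    for path in unflagged:
        print(f"NOT flagged: {path}")
```

Run against a downloads folder on a Mac, the unflagged entries are the files worth reviewing by hand, since they arrived through a path that bypasses the GateKeeper check.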
