Apple updates definitions to prevent “iWorm” botnet malware on Macs

Among other items, the XProtect list now includes several iWorm variants.
Andrew Cunningham

In case you missed it over the weekend, MacRumors reports that Apple has updated OS X's built-in XProtect malware definitions list to include the Mac.BackDoor.iWorm malware we reported on late last week. The iWorm malware allegedly managed to infect more than 17,000 Macs worldwide, and it was apparently using a (now closed) Minecraftserverlists board on reddit to distribute the IP addresses of control servers to infected Macs.

XProtect was first introduced to OS X in Snow Leopard in response to the MacDefender malware that managed to infect some OS X systems back in 2011. While the complete list is only 40 items long as of this writing, OS X silently checks for XProtect updates daily, and Apple also uses the list to mandate the usage of up-to-date versions of Java and Flash. While XProtect doesn't do anything to clean existing infections, it can prevent new ones by telling users explicitly that they're attempting to install known malware.

Dr. Web, the antivirus vendor that first reported the existence of both the malware and the botnet, recommends that you buy its products to scan for and delete malware that may already be on your computer—researchers at antivirus companies can get the word out about new vulnerabilities, but they don't do it out of the goodness of their hearts. Developer Jacob Salmela has some instructions that can help you delete the malware manually.

Read on Ars Technica | Comments