New iWorm Worm Specifically Targets OS X - How to Know if Your Mac is Infected

Security researchers have discovered a new worm that specifically targets OS X on Macs, and which controls them through Reddit.com. Dubbed the “iWorm”, or the “Mac.BackDoor.iWorm”, the iWorm was first publicly reported last week on the Dr. Web anti-virus site. There is a way to check to see if you have the iWorm on your Mac, which we explain below.

Rather than having the infected Mac report directly to a server for its instructions, the criminals behind iWorm issue instructions through posts on Reddit, and the infected Macs check in on Reddit to get their commands.

(Kind of evil genius stuff, if you think about it, as an instruction server can be targeted and taken offline, but nobody is going to take Reddit offline.)

According to the Dr. Web report, so far more than 18,500 Macs are infected with the iWorm. Dr. Web calculates this based on the unique IP addresses from which each infected Mac is connecting.

To determine whether or not your Mac has been infected with the iWorm, follow these steps:

Pssst! Get notified of new TIP articles here:

On your Mac, open Finder, click on “Go”, and select “Go to Folder”:

This will pop open a window in which to type the path of the folder; what you are looking for is the folder that iWorm creates when it infects your machine. If the folder is there, your Mac is infected.

Here is the directory path to type into that window:

/Library/Application Support/JavaW

Copy and paste that into the window:

Hopefully your results will look like this:

If so, breathe a sigh of relief, and consider that if you were one of those people who never bothered to get anti-virus software because you have a Mac, well, it’s time to rethink that strategy.

While we have not extensively tested the various Mac anti-virus options out there ourselves, we’ve heard really good things about the free Sophos anti-virus protection.

Summary

Article Name

New iWorm Worm Specifically Targets OS X - How to Know if Your Mac is Infected

Description

The "iWorm", or the "Mac.BackDoor.iWorm", has reportedly infected more than 18,500 Macs so far. Here's how to check to see if your Mac is infected.

Author

Anne P. Mitchell

The Internet Patrol is provided as a public service by the Institute for Social Internet Public Policy, and edited and primarily authored by Anne P. Mitchell who is an Internet security and privacy attorney.

(Hey! Please let us know if you liked this article by leaving us a comment!)

Recent Comments

Mary on What to Do if Your Amazon Order Never Arrives but They Say it Was DeliveredI have not tried any steps yet But I wanted to TY first & foremost for taking the time to give detailed step by step info diagrams/pics with your excellent post!! I had searched all over & could not find anything remotely close to what I needed & just when...
Mindy on Facebook “Saved” Section for Saving Links, Videos, Events, Music, Movies and MoreThe "show more" section of saved items does not work. Only most recent items display. Any suggestions as to how to fix this. I can't see all the archived items as well. Thanks for any help you may have with this issue.
Stephanie Redmond on Explanation of Merchant Names on Your Credit Card or Bank Statement – Example: Who is SEI?What is dcs? I have a charge from gswgldcs.com
Christopher on What YOU Need to do RIGHT NOW Because of the Equifax Data Breach in Order to Protect YourselfAs of today (9/16/2017) was able freeze all four credit bureaus without any problem and it didn't cost me anything. The first attempt with Equifax failed but I tried again and it went through. Curiously, Innovis didn't give me a pin to unfreeze, but the other 3 did.
T . V. Anderson on Fixing “The Message Could Not Be Moved to the Mailbox Trash” Error on a MacTHANKS SO MUCH. YOUR INSTRUCTIONS ON HOW TO FIX "THE MESSAGE COULD NOT BE MOVED TO THE MAILBOX" WORKED PERFECTLY.
PM Laberge on Facebook Post Sends Martin Shkreli to JailClearly, he and his Legal Beagle, are attempting some sort of "he is not responsible for anything due to insanity", plea. "Your Honour! Would any sane man do what my client has done?" He needs Judge Judy to try his case. She will fix his wagon.
lynn on What YOU Need to do RIGHT NOW Because of the Equifax Data Breach in Order to Protect Yourselfsame thing - Experion wouldn't do unless i send it in writing; only was able to use Innovis.
JOHN T. GILBERT on What YOU Need to do RIGHT NOW Because of the Equifax Data Breach in Order to Protect YourselfI got a negative on both telephone calls and emails. Fill out all the forms and then get a can't respond to your request note.
Steve on How to Stop People from Adding You to Facebook Groups without Your PermissionNot only annoying but potentially could cause legal issues, for example if someone was to add you to a group about something illegal or just downright nasty. Does fb also go 'steve just joined the group xyz' on your friends newsfeeds?
Janine on What YOU Need to do RIGHT NOW Because of the Equifax Data Breach in Order to Protect YourselfI was successful on Experian, not Transition or Equinox. Equinox takes all your info then when you submit the form--you get an error code.

New iWorm Worm Specifically Targets OS X – How to Know if Your Mac is Infected

You might also like some of our other articles:

Leave a Reply Cancel reply