In the face of an attack that infected more than 18,500 Macs, Apple has updated its XProtect anti-malware system to recognize and blacklist two variants of the iWorm malware used in the attack.

Researchers at Doctor Web last week revealed that they had discovered a new botnet that appeared to be infected with Mac.BackDoor.iWorm. 

Using Reddit's search function, the infected machines look for specific comments on the site that contain a list of botnet command-and-control servers and ports. The bots then pick a random server to query and through a “special routine,” try and connect the compromised machine to the server.

The update prevents the specified variants from being installed on user systems, according to