Apple updates XProtect, blacklists iWorm variants

In the face of an attack that infected more than 18,500 Macs, Apple has updated its XProtect anti-malware system to recognize and blacklist two variants of the iWorm malware used in the attack.

Researchers at Doctor Web last week revealed that they had discovered a new botnet that appeared to be infected with Mac.BackDoor.iWorm. 

Using Reddit's search function, the infected machines look for specific comments on the site that contain a list of botnet command-and-control servers and ports. The bots then pick a random server to query and through a “special routine,” try and connect the compromised machine to the server.

The update prevents the specified variants from being installed on user systems, according to

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.