“Dr. Web announced the discovery of a new piece of Mac malware on Monday, which they are calling Mac.Backdoor.iWorm. According to their report, they believe the malware is affecting ‘more than 17,000 unique IP addresses,'” The Safe Mac reports. “Of course, this may not correlate well with the number of infected Macs, since most Macs do not have static IP addresses, but the number of infected Macs should at least be on the same order of magnitude.”
“It’s unclear from Dr. Web’s report exactly how the malware gets installed,” The Safe Mac reports. “The name ‘iWorm’ suggests some kind of virus-like behavior. According to the report, the ‘dropper’ (ie, the program that installs the malware) puts the executable in a folder named JavaW in the /Library/Application Support/ folder, but this does not necessarily mean that Java is involved in any way. The name could simply be chosen as camouflage.”
“To check to see if you are infected, go to the Finder and choose Go to Folder from the Go menu,” The Safe Mac reports. “Copy the following path and paste it into the window that opens – /Library/Application Support/JavaW – then, click the Go button. If you just get a beep, and the window displays a message in the bottom left corner that the folder can’t be found, then you should be okay.”
More info and links in the full article here.
[Thanks to MacDailyNews Reader “elder norm” for the heads up.]