Apple Updates XProtect Malware Definitions To Stop iWorm Mac Botnet


Apple updated its XProtect blacklisting system for OS X this weekend to counter the recent iWorm attacks, which have allegedly affected more than 18,000 Macs. As noted by MacRumors and Business Insider, an update to the XProtect.plist file released on October 4 contains definitions that protect users from three variants of the iWorm malware: OSX.iWorm.A, OSX.iWorm.B, and OSX.iWorm.C.



Security researchers at Russian antivirus company Dr Web discovered that the iWorm malware was targeting OS X computers and forming a botnet using a server list posted on Reddit. It is not known how the malware spread, but an anonymous tip sent to The Safe Mac suggests it was distributed with pirated Mac software downloads on The Pirate Bay.



In addition to Apple's anti-malware actions, Reddit shut down the fake Minecraft subreddit and banned the account that was posting the iWorm botnet server list on the subreddit's forums. Without these posts, iWorm-controlled Macs cannot connect to the botnet servers, which hackers use to transmit instructions to infected machines.
