Friday, 23 December 2011

Tsunami – Backdoor Trojan for Mac OS X Discovered

OSX/Tsunami.A, an IRC-controlled backdoor Trojan for Mac OS X, has been discovered. It enables the infected machine to become a bot for Distributed Denial of Service (DDoS) attacks.

The analyzed sample contains a hardcoded list of IRC servers and a channel that it attempts to connect to. The client then listens for and interprets commands from the channel. The list of accepted commands can be seen in the following comment block from the C source code of the Linux variant.

[Image: Linux Tsunami]

In addition to enabling DDoS attacks, the backdoor can enable a remote user to download files, such as additional malware or updates to the Tsunami code. The malware can also execute shell commands, giving it the ability to essentially take control of the affected machine.

In terms of functionality, the Mac variant of the backdoor is similar to its older Linux brother, with only the IRC server, channel and password changed. The greatest difference is that it’s a 64-bit Mach-O binary instead of an ELF binary.
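The two points above (a hardcoded IRC server and channel, and a 64-bit Mach-O rather than ELF container) suggest a simple static triage check. The following is an added example, not code from the original article or from the malware: it classifies a file by its magic bytes and looks for embedded IRC client strings. The sample bytes, the host `irc.example.test` and the channel `#examplechan` are constructed placeholders.

```python
import re
import struct

ELF_MAGIC = b"\x7fELF"
MACHO64_MAGICS = {0xFEEDFACF, 0xCFFAEDFE}  # MH_MAGIC_64 and its byte-swapped form
IRC_VERB = re.compile(rb"(NICK|USER|JOIN|PRIVMSG|NOTICE|PONG) ")
CHANNEL = re.compile(rb"#[\w-]{2,49}")
HOSTNAME = re.compile(rb"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def binary_format(data: bytes) -> str:
    """Classify a file by its first four bytes."""
    if data[:4] == ELF_MAGIC:
        return "ELF"
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] in MACHO64_MAGICS:
        return "Mach-O 64-bit"
    return "unknown"

def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Rough equivalent of strings(1): runs of printable ASCII."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def triage(data: bytes) -> dict:
    """Collect IRC-related strings; hits are leads for an analyst, not a verdict."""
    verbs, channels, hosts = set(), set(), set()
    for s in printable_strings(data):
        m = IRC_VERB.match(s)
        if m:                          # IRC protocol format string, e.g. "NICK %s"
            verbs.add(m.group(1).decode())
        elif CHANNEL.fullmatch(s):     # whole string looks like a channel name
            channels.add(s.decode())
        elif HOSTNAME.fullmatch(s):    # whole string looks like a host name
            hosts.add(s.decode())      # (library file names can match too)
    return {
        "format": binary_format(data),
        "irc_verbs": sorted(verbs),
        "channels": sorted(channels),
        "hosts": sorted(hosts),
        "irc_client_suspected": len(verbs) >= 2 and bool(channels or hosts),
    }

# Constructed sample: Mach-O 64-bit magic, zero padding, then NUL-separated strings.
SAMPLE = b"\xcf\xfa\xed\xfe" + b"\x00" * 28 + b"\x00".join([
    b"irc.example.test", b"#examplechan",
    b"NICK %s\nUSER %s localhost localhost :%s\n", b"JOIN %s :%s\n",
]) + b"\x00"

if __name__ == "__main__":
    print(triage(SAMPLE))
```
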


Filed in DoS Attacks, Hacking Tools, Stories/News, Viruses | Prasanna Sherekar

