
Mac Worm uses Reddit for botnet propagation

http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0

It’s a little old now, and I’m surprised I hadn’t blogged about it before, but I feel it’s still an interesting little exploit to mention.

From my naive understanding of the exploit, it masks itself as a Java-esque app and tries to gain port-listening access surreptitiously.

The novel part is that once it can, it searches Reddit for a partial MD5 hash based on the current date, which would return a list of IPs published by a former /u/vtnhiaovyd on a former r/minecraftserverlists.

These IPs are of course C&C servers, from which the worm gets further commands.

It’s all been long cleaned up, but I still find it an amusing and novel little worm.
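One way to spot the Reddit lookup described above in web-proxy logs, added here as an example and not taken from the Dr.Web write-up or the worm itself: it flags clients whose Reddit search term is a bare hex string that changes every day. The log format, the sample lines, the 8 to 32 character hex range and the three-day threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines: "<date> <time> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2014-10-01 09:12:03 10.0.0.15 GET http://www.reddit.com/search?q=1a2b3c4d5e6f
2014-10-01 09:13:40 10.0.0.22 GET http://www.reddit.com/search?q=minecraft+servers
2014-10-02 09:11:58 10.0.0.15 GET http://www.reddit.com/search?q=9f8e7d6c5b4a
2014-10-02 10:02:11 10.0.0.31 GET http://www.reddit.com/search?q=deadbeef
2014-10-03 09:12:01 10.0.0.15 GET http://www.reddit.com/search?q=0c1d2e3f4a5b
2014-10-03 11:45:09 10.0.0.22 GET http://example.com/search?q=abcdef123456
"""

# Assumption: a "partial MD5" shows up as 8 to 32 lowercase hex characters.
HEX_TERM = re.compile(r"[0-9a-f]{8,32}")

def hex_search_term(url):
    """Return the search term if url is a Reddit search for a bare hex string."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host != "reddit.com" and not host.endswith(".reddit.com"):
        return None
    if not parts.path.rstrip("/").endswith("/search"):
        return None
    terms = parse_qs(parts.query).get("q", [])
    term = terms[0].strip().lower() if terms else ""
    return term if HEX_TERM.fullmatch(term) else None

def rotating_hex_searchers(log_text, min_days=3):
    """Map client -> {day: term} for clients whose hex term differs on every day seen."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        day, _time, client, _method, url = fields
        term = hex_search_term(url)
        if term:
            seen[client].setdefault(day, term)
    return {
        client: by_day
        for client, by_day in seen.items()
        # A date-derived term changes daily, so require distinct terms per day.
        if len(by_day) >= min_days and len(set(by_day.values())) == len(by_day)
    }
```

A single hex-looking search (the `deadbeef` line) is not flagged at the default threshold; the signal is the same host repeating the lookup with a new term each day.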

 
