New Macintosh Trojan – Turns Your Mac Into a Virtual Website Attacker
Another Macintosh trojan hits the wild.
The last Macintosh trojan that we reported on was named Flashback.C, and would execute after you opened a .dmg file posing as Adobe Flash Player. It would install itself and disable your Apple Anti-Malware system. If you had LittleSnitch installed, the trojan would not execute and would instead automatically delete itself.
Now, another Macintosh trojan is on the loose. This trojan was originally made for Linux systems, but was ported to Mac OS by a couple of hackers. It's called OSX/Tsnunami.A and it uses your computer and internet connection to attack Web Sites. The Linux build of the trojan was known as Linux/Tsnunami or Troj/Kaiten.
How does it do that?
OSX/Tsnunami.A is installed on your computer, connects to internet servers over IRC, and waits for users in those IRC channels to enter commands for the trojan to execute. When activated, it will attack a Web Site with Distributed Denial of Service (DDoS) attacks. What this means is that the trojan will repeatedly send large volumes of requests to a Web Site until it crashes. The effect is similar to how Apple's website (more specifically the iOS 5 update servers) crashed due to the huge volume of users trying to update at once. This trojan can therefore cause huge problems for Web Sites, and the unaware user would be denying service to a Web Site, which is generally unlawful when done intentionally. So the trojan does more than just take down a Web Site: it also makes your machine a hotspot for agents investigating the issue.
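From a defender's side, the IRC check-in described above is visible on the network. The following Python sketch is an added example, not code from the original post or from any vendor: it flags outbound flows whose first client bytes perform IRC registration (NICK and USER), whatever the destination port. The flow records, addresses, nicknames and channel name are constructed placeholders.

```python
import re

# One IRC client-to-server line (RFC 1459/2812): optional ":prefix ", command, parameters.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+|\d{3})(?: (.*))?$")
REGISTRATION = {"NICK", "USER"}  # every IRC client sends both when it connects

# Constructed sample: the first bytes each client sent on three outbound flows.
# Addresses are documentation ranges; nicknames and the channel are placeholders.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 80,
     "client_payload": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"},
    {"src": "192.0.2.11", "dst": "198.51.100.8", "dport": 6667,
     "client_payload": b"NICK abcd1234\r\nUSER abcd1234 0 * :abcd1234\r\nJOIN #example\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.9", "dport": 8080,
     "client_payload": b"NICK wxyz5678\r\nUSER wxyz5678 0 * :wxyz5678\r\nJOIN #example\r\n"},
]


def parse_irc(payload):
    """Return (command, params) for every line of payload that parses as IRC."""
    parsed = []
    for raw in payload.split(b"\n"):
        match = IRC_LINE.match(raw.rstrip(b"\r"))
        if match:
            params = (match.group(2) or b"").decode("ascii", "replace")
            parsed.append((match.group(1).decode("ascii").upper(), params))
    return parsed


def find_irc_clients(flows):
    """Flag flows that complete IRC registration, judged by content rather than port."""
    hits = []
    for flow in flows:
        parsed = parse_irc(flow["client_payload"])
        if REGISTRATION.issubset({cmd for cmd, _ in parsed}):
            channels = [p.split()[0] for cmd, p in parsed if cmd == "JOIN" and p]
            hits.append({"src": flow["src"], "dst": flow["dst"],
                         "dport": flow["dport"], "channels": channels})
    return hits


if __name__ == "__main__":
    for hit in find_irc_clients(SAMPLE_FLOWS):
        print(hit)
```

A hit only means the host is running an IRC client; on a machine with no chat software installed, that is the connection to investigate.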
Does it do anything else?
Yes. OSX/Tsnunami.A not only makes your computer attack Web Sites, it also attempts to fill your computer with more malware. Generally this wouldn't be too much of an issue, as the Apple Anti-Malware is not disabled by this trojan, and most of that malware would be blocked from executing from the start. But this trojan together with the Flashback.C trojan is an ugly combination.
I warn all Mac users to be careful about what they download. Make sure that all downloaded .dmg files, or any other kind of file that can be executed, are legitimate and downloaded from the official websites. These types of trojans are only installed by inadvertently downloading a fake .dmg file and installing it, and only after the user permits the installation by entering their system password. So please be cautious about entering your password. If you don't have LittleSnitch, I highly recommend the investment, as it will help keep some problems, such as Flashback.C, out of your system. OSX/Tsnunami.A is definitely not a problem that you want to deal with.
Sophos Anti-Virus for Mac has been updated to find and terminate OSX/Tsnunami.A. If you fear that this trojan could put you at risk, I recommend that you install Sophos.