
clevin

macrumors G3
Original poster
Aug 6, 2006
http://blogs.zdnet.com/security/?p=3346

The worm propagates through emails harvested from infected hosts, and has a backdoor functionality allowing its author to perform the following actions if a successful remote connection is established - attempts to create a botnet, has keylogging functionality, and can also perform DDoS attacks as well as send spam.

Despite the similarities of its features with the ones of OSX.Trojan.iServices.A (the iBotnet OS X malware), Tored is not currently spreading in the wild, in fact some vendors are calling it lame and state that it will never spread successfully due to the bugs in its code, next to the spelling mistakes within the messages it uses for email spreading:
 
Oh, can you provide some cases of such things that constitute your "pattern"?

It's possible that he means of all the worms, holes, security flaws with OS X, very rarely, if at all, do they come into fruition or become an actual security threat to the OS. Every system has its flaws, yet it hasn't really been worth it, or hasn't been easy enough for the typical creators of such things to put in the effort needed to infect the small percentage of Macs vulnerable and still turn a profit (say, infecting 5% of Windows machines out there or infecting 5% of Macs out there, and then having 1% of those people give up information or fall for the associated scam to earn said profit).

I'm not referring to the handful of trojans out there that can affect the Mac OS, though.
 
It's possible that he means of all the worms, holes, security flaws with OS X, very rarely, if at all, do they come into fruition or become an actual security threat to the OS.
I'm just curious about the prior cases of such worms that "exist in reality, but not severe enough, or not good enough to cause significant damages."
 
I can't find any detail on this "worm" or on how it works.

Vendors are calling it "proof of concept".

I also doubt it's a worm, it's most likely a trojan which acts like a worm.

EDIT:

There is no indication that Tored can execute without user intervention. For example, Symantec does not seem to suggest that there are any issues with Mac OS X mail clients that could cause the code to be automatically executed when the message is opened.

It's a trojan.
 
I'm just curious about the prior cases of such worms that "exist in reality, but not severe enough, or not good enough to cause significant damages."

Well it's not really a worm, but a trojan.

And yes, I'd say that OSX/Oompa-A was quite similar. From a similar announcement around the time of its discovery:

I'd really be tempted to call this thing a non-event; it's poorly written, can't spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all

There was also that Bluetooth worm c. Panther that was created after the hole it exploited was patched (and after the patch was rolled out.)

So yeah, I think it follows the pattern of "things that get the news sites in a fit, but don't actually pose a real threat".
 