Mac malware: Tsunami backdoor variants discovered


As our friends at ESET have mentioned on their blog, new variants of the latest Mac malware, the Tsunami backdoor Trojan, have been discovered.

SophosLabs has received a few new samples of the malware, which can be used both to launch denial-of-service attacks and to give remote hackers access to your computer.

The new versions, which Sophos is adding detection for as OSX/Tsunami-Gen, are builds for 32-bit Intel x86 and PowerPC Mac computers, whereas the original version was 64-bit only. In addition, the new samples use a different IRC domain for their command-and-control (C&C) server.
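A triage check that follows from the paragraph above, added here as an example and not Sophos' detection code: a small Python parser that reads the Mach-O header of a sample, thin or fat (universal), and reports which architectures it was built for, which is enough to tell a 64-bit-only build from one shipping i386 and PowerPC slices. The magic numbers and CPU type constants are the ones from Apple's mach-o headers; the sample byte strings are constructed in the block (no malware bytes are included), and the slice offsets and file names are arbitrary.

```python
import struct

# Mach-O magic numbers as read big-endian from the first four bytes of the file.
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE        # 32-bit header, native / byte-swapped
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE  # 64-bit header, native / byte-swapped
FAT_MAGIC = 0xCAFEBABE                             # fat/universal header, always big-endian
CPU_ARCH_ABI64 = 0x01000000

CPU_NAMES = {
    7: "i386", 7 | CPU_ARCH_ABI64: "x86_64",
    18: "ppc", 18 | CPU_ARCH_ABI64: "ppc64",
    12: "arm", 12 | CPU_ARCH_ABI64: "arm64",
}


def _thin_header(data, offset=0):
    """Return (arch name, 32 or 64) for a thin Mach-O header at offset, or None."""
    if len(data) < offset + 8:
        return None
    magic = struct.unpack_from(">I", data, offset)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"            # header fields are big-endian (PowerPC builds)
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = "<"            # header fields are little-endian (Intel builds)
    else:
        return None
    cputype = struct.unpack_from(endian + "I", data, offset + 4)[0]
    bits = 64 if magic in (MH_MAGIC_64, MH_CIGAM_64) else 32
    return CPU_NAMES.get(cputype, "unknown(0x%x)" % cputype), bits


def mach_o_architectures(data):
    """List the (arch, bits) slices in a Mach-O file image; [] if it is not Mach-O."""
    if len(data) < 8:
        return []
    if struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # Java class files share the 0xCAFEBABE magic; their next field is a version
        # number, so an implausible slice count is the usual way to tell them apart.
        if not 0 < nfat <= 32:
            return []
        slices = []
        for i in range(nfat):
            entry = 8 + i * 20                      # sizeof(struct fat_arch) == 20
            if len(data) < entry + 20:
                break
            cputype, _sub, offset, _size, _align = struct.unpack_from(">5I", data, entry)
            arch = _thin_header(data, offset)
            if arch is None:
                # Slice does not start with a Mach-O header (truncated sample):
                # fall back to what the fat_arch entry itself claims.
                arch = (CPU_NAMES.get(cputype, "unknown(0x%x)" % cputype),
                        64 if cputype & CPU_ARCH_ABI64 else 32)
            slices.append(arch)
        return slices
    thin = _thin_header(data, 0)
    return [thin] if thin else []


def _mach_header(endian, magic, cputype):
    """Build a 28-byte mach_header with zeroed load-command fields (constructed data)."""
    return struct.pack(endian + "7I", magic, cputype, 0, 2, 0, 0, 0)


# Constructed stand-ins for the two cases in the article: a 64-bit Intel-only build and a
# fat binary carrying i386 and PowerPC slices. No real malware bytes are included.
SAMPLE_X86_64 = struct.pack("<8I", MH_MAGIC_64, 7 | CPU_ARCH_ABI64, 3, 2, 0, 0, 0, 0)

_fat = struct.pack(">II", FAT_MAGIC, 2)
_fat += struct.pack(">5I", 7, 3, 4096, 28, 12)    # i386 slice at 0x1000
_fat += struct.pack(">5I", 18, 0, 8192, 28, 12)   # ppc slice at 0x2000
_fat = _fat.ljust(4096, b"\0") + _mach_header("<", MH_MAGIC, 7)
_fat = _fat.ljust(8192, b"\0") + _mach_header(">", MH_MAGIC, 18)
SAMPLE_FAT = bytes(_fat)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, mach_o_architectures(fh.read()))
    print("x86_64 sample:", mach_o_architectures(SAMPLE_X86_64))
    print("fat sample:   ", mach_o_architectures(SAMPLE_FAT))
```

Run it with one or more file paths to inspect real binaries (`file` and `lipo -info` give the same answer on a Mac, but this runs anywhere and does not need the sample to be executable). Only the header is read, so the check is safe to run on a quarantined sample.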

Some folks have questioned why the computer security industry has dubbed this threat “Tsunami”, and I must admit that I find myself feeling somewhat uncomfortable with the name because of the devastating natural disasters that have struck in some parts of the world.

The truth is, however, that the name derives from one of the commands that the bot's controller can send over IRC to computers running the malicious code, instructing them to flood a target with internet traffic.

[Image: Tsunami command]

It’s actually the same command that was built into the Linux version of the attack tool (which Sophos calls Troj/Kaiten) first seen some years ago.
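Because the new samples switched their IRC domain but kept the same command set, detecting the command grammar is more durable than matching the C&C host. The following is an added example, not Sophos' or the malware author's code: a parser for raw IRC lines that flags Kaiten-style bot commands such as TSUNAMI in a capture. The page itself names only TSUNAMI; the other command words, and the convention that a bot acts only on messages prefixed with "!<its nick>" or "!*", are taken from my recollection of the Kaiten source and should be checked against strings from your own sample. The log lines are constructed, with RFC 5737 documentation addresses.

```python
import re
from dataclasses import dataclass, field

# Command words assumed from the Kaiten source's command table; only TSUNAMI is
# named on the page. Verify against the strings in your own sample.
FLOOD_COMMANDS = {"TSUNAMI", "PAN", "UDP", "UNKNOWN"}
CONTROL_COMMANDS = {"NICK", "SERVER", "KILLALL", "SH", "GET", "VERSION",
                    "ENABLE", "DISABLE", "IRC"}

# RFC 1459 message shape: [":" prefix SPACE] command [SPACE params]
IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>\S+)(?: (?P<params>.*))?$")


@dataclass
class BotCommand:
    sender: str      # nick part of the PRIVMSG prefix (the controller)
    target: str      # channel or nick the message was delivered to
    addressed: str   # bot nick, or "*" for every bot, taken from the "!" prefix
    command: str
    args: list = field(default_factory=list)
    flood: bool = False


def parse_privmsg(line):
    """Split one raw IRC line into (sender, target, text) if it is a PRIVMSG, else None."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m or m.group("cmd").upper() != "PRIVMSG" or not m.group("params"):
        return None
    # PRIVMSG <target> :<trailing text>; the trailing parameter begins at the first " :"
    target, sep, text = m.group("params").partition(" :")
    if not sep:
        return None
    sender = (m.group("prefix") or "").split("!", 1)[0]
    return sender, target.strip(), text


def classify(line):
    """Return a BotCommand when the line is a Kaiten-style command, otherwise None.

    Kaiten bots (assumption from the source) act only on messages of the form
    "!<nick|*> COMMAND args...", so the "!" addressing prefix is required here. That
    requirement is what keeps an ordinary chat line containing the word "tsunami"
    from being flagged.
    """
    parsed = parse_privmsg(line)
    if parsed is None:
        return None
    sender, target, text = parsed
    words = text.split()
    if len(words) < 2 or not words[0].startswith("!") or len(words[0]) < 2:
        return None
    command = words[1].upper()
    if command not in FLOOD_COMMANDS and command not in CONTROL_COMMANDS:
        return None
    return BotCommand(sender, target, words[0][1:], command, words[2:],
                      command in FLOOD_COMMANDS)


def scan(lines):
    """Run classify() over an iterable of raw IRC lines and keep the hits."""
    return [hit for hit in map(classify, lines) if hit is not None]


# Constructed IRC traffic (RFC 5737 documentation addresses), not a real C&C capture.
SAMPLE_IRC_LOG = [
    ":ops!ops@198.51.100.7 PRIVMSG #mac-bots :!* TSUNAMI 203.0.113.5 60",
    ":ops!ops@198.51.100.7 PRIVMSG #mac-bots :!bot1234 VERSION",
    ":alice!a@example.org PRIVMSG #general :the tsunami warning was lifted this morning",
    "PING :irc.example.net",
    ":ops!ops@198.51.100.7 PRIVMSG bot1234 :!bot1234 PAN 203.0.113.5 80 30",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_IRC_LOG):
        kind = "FLOOD" if hit.flood else "control"
        print(f"{kind:8} {hit.sender} -> {hit.target} (addressed {hit.addressed}): "
              f"{hit.command} {' '.join(hit.args)}")
```

Feed it the reassembled TCP payload of a cleartext IRC session (for example the output of a stream follow in a packet analyser); it sees nothing inside TLS-wrapped IRC, and a bot that talks to its server on a non-standard port is only caught if that stream is captured too. The third sample line shows the false-positive case the "!" check exists for: the word alone is not a hit.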

Because we see considerably less malware for Mac OS X than we do for Windows, new Mac threats tend to make the news headlines. It’s important to note that the sky is not falling, and we believe the threat posed by OSX/Tsunami is currently quite low. Indeed, we have not received any reports from customers yet of infections by this Mac malware.

Nevertheless, it’s clear that someone is working on developing new versions of this code for the Mac platform and you have to presume they are not doing it purely for the intellectual challenge. (If they are, Lord help them... it’s not much of a challenge.)

Mac users would be wise to take preventive steps against this and the other malware we see for the Mac OS X platform. Free anti-virus software is available for Mac home users, so there’s really no excuse.

More details about OSX/Tsunami can be read in our earlier article on the topic.