The Trojan, whose origins can be traced back to the Kaiten Trojan for Linux, has been named “Tsunami” by Internet security company Sophos, who says that Mac OS X systems are becoming an increasing target for cybercriminals.
"Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is non-existent," writes Graham Cluley of net security firm Sophos.
"We fully expect to see cybercriminals continuing to target poorly protected Mac computers in the future. If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying. My advice to Mac users is simple: don't be a soft target, protect yourself."
According to Sophos, the malware receives instructions from an IRC channel and can execute shell commands, download additional malware or mount a DDOS attack, often used to prevent a selected website from functioning efficiently.
Though Sophos says that the malware was flagged up as a Trojan when it updated its Mac antivirus software, Intego claims it to be something quite different, stating that “Tsunami” is “a tool that requires installation, and may actually be installed manually by people who choose to participate in DDoS attacks, such as those in the Anonymous group,” a group of hackers who have become renowned for its attacks on huge corporations.
If indeed that is the case, the threat level is said to be low for general Mac owners, though users are warned to always keep their systems as protected as possible.
Sophos and other Internet security companies are still investigating “Tsunami” and more information should filter onto the web over the coming days.
