NEWS FROM THE LAB - Monday, October 31, 2011

Backdoor:OSX/Tsunami.A Posted by Sean @ 16:47 GMT

Our description for Backdoor:OSX/Tsunami.A is now online. Tsunami is a Mac OS X backdoor with bot functionality.


The bot is capable of participating in DDoS attacks, and in fact one variant attempts to connect to an IRC server with "anonops" in its name, as in Anonymous Ops (the Internet collective Anonymous).
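A quick host-side triage check for the behaviour described above, added here as an example; it is not code from the original post or from F-Secure's description. It parses `lsof -i -P` style output (the sample lines below are constructed, not real output) and flags connections to conventional IRC ports or to a remote name containing "anonops". The port list, the process names and the hostname are assumptions; the post names neither the IRC server nor its port.

```python
"""Flag processes with IRC-style connections in lsof output.

Added example, not F-Secure's code. Input is text in the shape of
`lsof -i -P` (run as root to see every user's sockets). A line is
flagged when the remote port is a conventional IRC port or when the
remote name contains a watched fragment such as "anonops".
"""
import re

# Conventional IRC / IRC-over-TLS ports. Assumption: the post does not
# name the port the bot uses, and a bot can use any port it likes.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Substrings to look for in the remote host name. "anonops" is the
# fragment the post reports in one variant's IRC server name.
WATCHED_NAME_FRAGMENTS = ("anonops",)

# One lsof -i -P line: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME.
# NAME is "local->remote:port (STATE)"; LISTEN sockets have no "->" and
# are skipped. The greedy rhost group lets the last ":digits" be the port,
# so IPv6 literals such as [::1]:6667 also parse.
LSOF_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)"
    r"\s+\S+\s+\S+\s+\S+\s+\S+"            # FD, TYPE, DEVICE, SIZE/OFF
    r"\s+(?P<proto>TCP|UDP)"
    r"\s+(?P<local>[^\s>]+)->(?P<rhost>.+):(?P<rport>\d+)"
    r"(?:\s+\((?P<state>\w+)\))?"
)

# Constructed sample resembling lsof -i -P output (hosts, PIDs and the
# process name "updater" are invented for the example).
SAMPLE_LSOF = """COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice   23u  IPv4 0x1a2b      0t0  TCP 192.168.1.5:52113->93.184.216.34:443 (ESTABLISHED)
launchd     1 root     9u  IPv6 0x3c4d      0t0  TCP *:22 (LISTEN)
updater  1337 root     3u  IPv4 0x5e6f      0t0  TCP 192.168.1.5:52201->irc.anonops.example:6667 (ESTABLISHED)
Mail      520 alice   41u  IPv4 0x7a8b      0t0  TCP 192.168.1.5:52300->17.172.224.47:993 (ESTABLISHED)
"""


def flag_irc_connections(lsof_output: str) -> list:
    """Return one finding dict per suspicious connection line."""
    findings = []
    for line in lsof_output.splitlines():
        m = LSOF_RE.match(line)
        if not m:
            continue  # header, LISTEN sockets, non-IP entries
        rhost, rport = m["rhost"], int(m["rport"])
        reasons = []
        if rport in IRC_PORTS:
            reasons.append(f"irc_port:{rport}")
        if any(frag in rhost.lower() for frag in WATCHED_NAME_FRAGMENTS):
            reasons.append(f"name_match:{rhost}")
        if reasons:
            findings.append({
                "command": m["cmd"],
                "pid": int(m["pid"]),
                "user": m["user"],
                "remote": f"{rhost}:{rport}",
                "state": m["state"] or "",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in flag_irc_connections(SAMPLE_LSOF):
        print(f"{f['command']}[{f['pid']}] {f['user']} -> {f['remote']} "
              f"{f['state']} reasons={','.join(f['reasons'])}")
```

The name match is the stronger of the two signals: a bot can be pointed at any port, and `lsof` without `-n` only shows a name when reverse DNS resolves, so a hit on a bare IP and an odd port still deserves a look at the process binary rather than a dismissal.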

Because there is no obvious infection vector for Tsunami, some analysts have speculated that OSX/Tsunami is a work in progress. Others have noted that remote compromise of a server, rather than a lure aimed at end users, is one possible vector. Given that OSX/Tsunami is based on a Linux bot that has long been installed through PHP vulnerabilities in web applications, this is a definite possibility.

We've even read some posts that have suggested that people may be installing this backdoor themselves in order to volunteer their computer to DDoS activities carried out by Anonymous.

Volunteering one's own computer??? That sounds absurd to us.

Especially when we consider all of the other Macs that are potentially available to be "volunteered" by members of Anonymous.