Is your Mac infected with the iWorm malware?

Submitted by janmich on Mon, 10/06/2014 - 03:37

Could your your Mac part of a malware botnet? There is a new type of malicious software infecting Apple Macs and there is a chance that your computer could already be compromised. Reports say that only 17 - 18,000 Macs have been infected, so it is nowhere near as widespread as the Flashback worm that infected 600,000+ Macs a couple fo years ago, but it is still a worry. Here's how to check whether your Mac is OK.

Check your Mac for iWorm malware

Malware is designed to run automatically when the Mac starts up. After all, if it didn't start, it wouldn't be a problem would it? So when looking for viruses, Trojans, worms and other types of malware, good places to look are where startup programs are stored.

Click Finder in the Dock at the bottom of the screen to open a Finder window. In the sidebar on the left, select the Mac's disk drive - it's called MacBook in the Devices section on my Mac, but disks can have any name of course, so yours might be called something different. This displays the root of the disk. Double click the Library folder to open it.

There are two folders that interest us here and one is Application Support. Open it and you will see folders created by apps installed on the Mac. The iWorm malware creates a folder called JavaW. If your Mac has been infected you will see a JavaW folder, but if you don't see it then you are clear. This Mac is OK because there isn't a JavaW folder:

The other folder that needs to be checked in /Library is LaunchDaemons. Open /Library/LaunchDaemons and look for anything suspicious. Here is a clean Mac and you can see that the only items started automatically are Adobe, Google and Microsoft:

Beware of anything referring to JavaW, such as com.JavaW, which is used by the malware. You might see references to apps you have removed in the LaunchDaemons folder, so while you are here you might as well clean up a little by removing them. Don't touch any items referring to apps that are still installed and that you use though.

The JavaW worm does not appear to add anything to the /Library/LaunchAgents folder, but there is no harm in checking. This is another place apps can be launched in the background. Be supsicious of anything you do not recognise and search the web for the name to find out what it is.

Anti virus software for OS X

Compared to Windows computers, Apple Macs suffer from very little malware and it is still possible to use one on a day to day basis without any security software. However, as this outbreak shows, the Mac is becoming increasingly unsafe and it is recommended that you install anti virus software in OS X.

There are several anti virus applications to choose from and here is just a small selection, many of which are free:

Tags:

Add new comment

More information about text formats

Plain text

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
2 + 11 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.