Lazy hackers ported an ancient Trojan to Mac

01.11.11, 12:35, Msk
Text: Sergey Mazharov

A nine-year-old trojan has been revived in a version for Apple computers. The hackers are working on 64-bit and 32-bit versions. Machines with PowerPC processors are also under threat.

IT security experts report that hackers are testing new malware for Mac computers, which they ported from a nine-year-old Trojan originally written for Linux.

The malware, called "Tsunami", has been circulating on the network in limited numbers since last week, the company ESET Security said. Tsunami first appeared last week, expert Robert Lipovsky reported. "We have observed Trojans [on Mac] earlier, but in this case the virus writers just repeated the existing code instead of creating something new," Lipovsky said in an interview with CIO.com. "For them it is much simpler."

Lipovsky pointed to the similarity between the code of the Mac malware and a line of Trojans that targeted Linux machines in 2002. "The Linux [virus] is not directly compatible with the Mac X platform, but is functional after recompilation," Lipovsky said. Unlike the old Linux malware, which was also called Tsunami after one of its commands that launches a distributed denial-of-service (DDoS) attack, the original Mac version is 64-bit.

In other respects, however, Tsunami for Mac is strikingly similar to its Linux ancestor: it lets attackers use IRC (Internet Relay Chat) channels to execute commands on the infected computer, direct a DDoS attack, and download additional malware or updates to the Trojan.

The hackers have updated Tsunami for Mac so that it starts on infected Mac desktops or notebooks every time after a reboot, ESET researcher Pierre-Marc Bureau added. The new version, labeled "Tsunami.A", also uses different IRC channels and servers for control, he noted in the corporate blog.

Lipovsky could not determine exactly how Tsunami's creators infect Macs with the trojan. Bureau also reported that ESET has no certainty about which tactics the attackers used to get the malware onto computers. But the short interval between releases and the limited use of the virus lead ESET's experts to the opinion that the Tsunami developers are still testing the Trojan. According to Bureau, they are still adapting the code to the OS X platform.

According to research by the British company Sophos and its subsequent conclusions, the virus's producers have also prepared a 32-bit version that will be able to run on older Macs with PowerPC processors.

In the ratings of both ESET and Sophos, this threat is classed as insignificant.