IRC-triggered DDoS attack on Mac discovered

IRC – internet relay chat – channels were the CB radio of the internet in the 1980s and 1990s, but are still used by a number of technical enthusiasts, as well as users looking for a simple instant messaging medium that can be used on a group-chat basis.

According to Robert Lipovsky, a researcher with ESET's Bratislava-based operation, the notable aspect of the malware is that it targets the Mac OS X platform.

His research team compared the code to samples in its malware collection and found that it is an OS X port of the Linux family of backdoors that ESET has been detecting since 2002 as Linux/Tsunami.

“The analyzed sample contains a hardcoded list of IRC servers and channel that it attempts to connect to. This client then listens and interprets commands from the channel. The list of accepted commands can be seen in the following comment block from the C source code of the Linux variant”, he wrote in his latest security posting.

In addition to enabling DDoS attacks, Lipovsky noted that the backdoor can enable a remote user to download files, such as additional malware or updates to the Tsunami code. The malware, he said, can also execute shell commands, giving it the ability to take control of the affected machine.

“In terms of functionality, the Mac variant of the backdoor is similar to its older Linux brother, with only the IRC server, channel and password changed and the greatest difference being that it’s a 64-bit Mach-O binary instead of an ELF binary”, he concludes.
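As an added illustration, not from the article or from ESET's analysis, the Python triage helper below checks whether a file is a 64-bit Mach-O or an ELF binary (the difference Lipovsky points to) and pulls out embedded strings that look like the hardcoded IRC servers and channels he describes. The sample bytes, hostname and channel name are constructed placeholders, not indicators from the real sample.

```python
import re
import struct

# Magic numbers from the Mach-O and ELF specifications.
MACHO_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O; on disk (little-endian) reads CF FA ED FE
MACHO_MAGIC_32 = 0xFEEDFACE
FAT_MAGIC = 0xCAFEBABE        # universal (fat) binary wrapping several Mach-O slices
ELF_MAGIC = b"\x7fELF"

def classify_binary(data: bytes) -> str:
    """Coarse format label: 'macho64', 'macho32', 'fat', 'elf64', 'elf32' or 'unknown'."""
    if data.startswith(ELF_MAGIC) and len(data) >= 5:
        return "elf64" if data[4] == 2 else "elf32"   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    if len(data) < 4:
        return "unknown"
    be = struct.unpack(">I", data[:4])[0]
    le = struct.unpack("<I", data[:4])[0]
    for magic in (be, le):                  # accept either byte order
        if magic == MACHO_MAGIC_64:
            return "macho64"
        if magic == MACHO_MAGIC_32:
            return "macho32"
    if be == FAT_MAGIC:                     # note: Java class files share this magic
        return "fat"
    return "unknown"

# Heuristics for the artefacts an IRC bot hardcodes: a server hostname and a channel.
IRC_HOST_RE = re.compile(rb"\birc[A-Za-z0-9.-]*\.[a-z]{2,}", re.IGNORECASE)
IRC_CHANNEL_RE = re.compile(rb"#[A-Za-z0-9_-]{2,}")

def extract_irc_indicators(data: bytes, min_len: int = 4) -> dict:
    """Return printable strings from the binary that look like IRC servers or channels."""
    strings = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    hosts, channels = set(), set()
    for s in strings:
        hosts.update(m.decode() for m in IRC_HOST_RE.findall(s))
        channels.update(m.decode() for m in IRC_CHANNEL_RE.findall(s))
    return {"hosts": sorted(hosts), "channels": sorted(channels)}

def triage(data: bytes) -> dict:
    """Combine format detection and string extraction into one verdict for an analyst."""
    result = extract_irc_indicators(data)
    result["format"] = classify_binary(data)
    result["suspicious"] = result["format"] != "unknown" and bool(result["hosts"]) and bool(result["channels"])
    return result

# Constructed sample: a fake 64-bit Mach-O header followed by placeholder bot strings.
SAMPLE = struct.pack("<I", MACHO_MAGIC_64) + b"\x00" * 28 + b"\x00irc.example-c2.invalid\x00#botchan\x00"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a real file, read it in binary mode and pass the bytes to `triage`; a hit is a lead for manual analysis, not proof of infection.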
