So the media lit up regarding a supposedly new worm called Mac.BackDoor.iWorm that is infecting Mac systems and using Reddit as its command and control system. That got your interest, didn't it? Apple and Reddit, two well-known tech brands, and a seemingly sexy new attack vector. The problem is that the "research" into this new threat provides little to no evidence that the threat actually exists.

The company that claims to have discovered this threat, Dr. Web, provides no hash values or other indicators that would let other researchers verify the existence of the malware. Why? Because they pulled the malware sample off of VirusTotal, put a new name on it, and published it as new research. Many believe that it is this binary, which was first uploaded to VirusTotal in November of 2012. Had they published these values, other researchers would know that the malware has existed for a while, is not new, and is not nearly as widespread or dangerous as it is being portrayed.

With the word "worm" in their title, one would expect the malware to be self-replicating and to take advantage of a security vulnerability in the OS X operating system. The problem is that it is not self-replicating; the researchers at Dr. Web even confirmed this point to a reporter, as well as the fact that they don't know how it is propagated. If they do not know how it is replicated, one must wonder how they can gauge the infection rate, which they claim to be 17,658 IP addresses. What is the source of this information? They simply claim "information collected by Doctor Web's researchers", with no way to verify it.

Why would a security company do such a thing? You have heard of Heartbleed, right? Shellshock? Vulnerabilities and exploits have their own brands, and a compelling enough one is likely to make headlines. I believe this particular research has been set up as a marketing exercise for Dr. Web. Even the last line in their blog post reads: "the signature of this malware has been added to the virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected with Dr.Web Anti-virus for Mac OS X."

I wrote a blog post on this topic a while back: "The Media's Guide to Information Security FUD & Fiction".