

Hackers Are Controling 17,000 Apple Computers - TimMeade
http://finance.yahoo.com/news/hackers-found-flaw-macs-using-121808264.html

======
milhous
Anyone have a clue on the attack vector? A reddit post said that the presence
of the "/Library/Application Support/JavaW" indicates an infected system.
Flash? Java?

~~~
joezydeco
Perhaps some kind of pirated Minecraft client is the vector? Java is needed,
mods to that area are probably ignored, and the malware is connecting to a
Reddit Minecraft forum which is something that is almost certainly not blocked
by the victim if they're a player/fan.

------
joshbaptiste
[http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0](http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0)
\- Analysis

------
taurenk
can someone explain why does the infected machine have to connect to Reddit to
read the list of IP addresses?

~~~
Spooks
I know a lot of malware checks google.com to see if they are connected to the
internet, as it is usually a site that is up and not blocked. Haven't looked
into it yet to see if this is the case as well

