Is your Mac infected with the iWorm malware?

Could your your Mac part of a malware botnet? There is a new type of malicious software infecting Apple Macs and there is a chance that your computer could already be compromised. Reports say that only 17 - 18,000 Macs have been infected, so it is nowhere near as widespread as the Flashback worm that infected 600,000+ Macs a couple fo years ago, but it is still a worry. Here's how to check whether your Mac is OK.

Check your Mac for iWorm malware

Malware is designed to run automatically when the Mac starts up. After all, if it didn't start, it wouldn't be a problem would it? So when looking for viruses, Trojans, worms and other types of malware, good places to look are where startup programs are stored.

Click Finder in the Dock at the bottom of the screen to open a Finder window. In the sidebar on the left, select the Mac's disk drive - it's called MacBook in the Devices section on my Mac, but disks can have any name of course, so yours might be called something different. This displays the root of the disk. Double click the Library folder to open it.

There are two folders that interest us here and one is Application Support. Open it and you will see folders created by apps installed on the Mac. The iWorm malware creates a folder called JavaW. If your Mac has been infected you will see a JavaW folder, but if you don't see it then you are clear. This Mac is OK because there isn't a JavaW folder:

Application Support folder on the Apple Mac

The other folder that needs to be checked in /Library is LaunchDaemons. Open /Library/LaunchDaemons and look for anything suspicious. Here is a clean Mac and you can see that the only items started automatically are Adobe, Google and Microsoft:

LaunchDaemons folder in OS X on the Apple Mac

Beware of anything referring to JavaW, such as com.JavaW, which is used by the malware. You might see references to apps you have removed in the LaunchDaemons folder, so while you are here you might as well clean up a little by removing them. Don't touch any items referring to apps that are still installed and that you use though.

The JavaW worm does not appear to add anything to the /Library/LaunchAgents folder, but there is no harm in checking. This is another place apps can be launched in the background. Be supsicious of anything you do not recognise and search the web for the name to find out what it is.

Anti virus software for OS X

Compared to Windows computers, Apple Macs suffer from very little malware and it is still possible to use one on a day to day basis without any security software. However, as this outbreak shows, the Mac is becoming increasingly unsafe and it is recommended that you install anti virus software in OS X.

There are several anti virus applications to choose from and here is just a small selection, many of which are free:





Yesterday only I scanned my Macintosh HD and external drive with Sophos simultaneously. Though external was safe, Sophos reported 10 malicious threats from Macintosh HD. I am glad such a free tool is available to make Mac risk free and yeah I removed those malicious files. Happy Ending.

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...