SoylentNews is people
SoylentNews
DrWeb, a russian security team, reports it discovered a Mac botnet:
[...]a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. A statistical analysis indicates that there are more than 17,000 unique IP addresses associated with infected Macs.
[...] It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.
Information collected by Doctor Web's researchers shows that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet created by hackers using Mac.BackDoor.iWorm. Most of them—4,610 (representing 26.1% of the total)—reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total).
(Score: 2) by TheLink on Saturday October 04 2014, @07:32PM
Doesn't have to be dependent on reddit.
Just google/bing for possible instructions, download potential candidates, check if signed by the right key, run if OK.
As per my post in 2006: http://it.slashdot.org/comments.pl?sid=173628&cid=14446665 [slashdot.org]
A possible tricky bit is how to search for stuff while making it hard for Google to block the search. If many thousands of bots searched for the same search terms perhaps Google could block them easily. Or maybe not given how many people like to search for the same things? Block as bot if only a few results turn up?