News report confused about Tsunami
Published October 26th, 2011 at 11:07 AM EDT, modified October 26th, 2011 at 11:08 AM EDT
MacWorld has posted an online article about a new threat called Tsunami, a tool that can be used for distributed denial of service (DDoS) attacks against web sites. Many security sites are posting stories about Tsunami as well. But there’s some confusion in all the news. So what is Tsunami, what does it do, and is it a concern to Mac users?
First, let’s look at what a DDoS attack is. In such an attack, many machines cooperate to send a flood of network traffic to a particular web site, disrupting normal operation and possibly even crashing the server. These attacks usually require large numbers of machines, all with some hacker tool or malware installed. The owners of those machines may be willing participants, or the machines may be infected with malware. Attacks are usually launched by someone with a grudge against a particular site, and are illegal.
MacWorld calls Tsunami a trojan horse, citing a Sophos blog post on the topic. Sophos calls Tsunami a trojan horse as well. However, that same post also says:
The big question, of course, is how would this code find itself on your Mac in the first place? It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website.
Careful reading of that paragraph reveals no indication whatsoever that this tool is actually a trojan horse. The only two ways Sophos suggests that Tsunami can get installed on your computer are if a human manually installs the software on your machine or if you choose to download and install it yourself. They make no mention of software that tricks you into installing this, which is the definition of a trojan horse.
An Intego blog post confirms that this is not a trojan. Tsunami is a hacker tool, and as such is not a real threat to most users. If you know someone who is a hacker, has access to your machine, and might want to launch a DDoS attack against someone, then you might have some trouble. Most people are probably not in that situation, but if you are, there’s nothing particularly new about Tsunami. Other similar tools have existed for some time.
Bottom line, this is not something to get worked up about. It is not a trojan, as MacWorld and Sophos claim. It is a hacker tool, which requires manual installation with full knowledge of what is being installed and how to install it.