Rare Mac Trojan exploits Apple vuln
PrintiPwned
Posted in Software & Security, 23rd June 2008 10:07 GMT
Free whitepaper – What Exchange can't do - and Dell can
A rare Mac OS X Trojan has been spotted on the internet. The AppleScript-THT Trojan horse exploits a vulnerability within the Apple Remote Desktop Agent to load itself with root privileges onto compromised Mac machines.
The malware, which is capable of infecting Mac OS X 10.4 and 10.5 boxes, surrenders control of compromised systems to hackers.
Keystroke logging on compromised systems, taking pictures (using the built-in Apple iSight camera) or capturing screenshots are among the hacker exploits enabled by the malware, Mac security outfit SecureMac reports. The malware weaves its malicious spell while attempting to remain undetected by opening ports in the firewall and turning off system logging.
SecureMac, which specialises in making anti-spyware software for Mac PCs, reports that miscreants have published multiple variants of the Trojan on a hacker-controlled website. Hackers on the site are discussing the possible distribution of the Trojan through the iChat instant messaging client and Limewire file sharing software.
The Trojan comes packaged either as a compiled AppleScript, called ASthtv05, or as an application bundle, weighing in at around 3.1 MB. Despite the use by the Trojan of a recently-discovered Apple Mac vulnerability, users need to download and open the Trojan horse before they become infected. ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
Straight Talk with Dell: Sending out an SaaS
Seven ways to optimize VMware server virtualization
Automating the Acquisition Process with Enterprise Level CRM
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs