Rare Mac Trojan exploits Apple vuln
PrintiPwned
Posted in Enterprise Security, 23rd June 2008 10:07 GMT
Free whitepaper – Managing desktop software for fun and profit
A rare Mac OS X Trojan has been spotted on the internet. The AppleScript-THT Trojan horse exploits a vulnerability within the Apple Remote Desktop Agent to load itself with root privileges onto compromised Mac machines.
The malware, which is capable of infecting Mac OS X 10.4 and 10.5 boxes, surrenders control of compromised systems to hackers.
Keystroke logging on compromised systems, taking pictures (using the built-in Apple iSight camera) or capturing screenshots are among the hacker exploits enabled by the malware, Mac security outfit SecureMac reports. The malware weaves its malicious spell while attempting to remain undetected by opening ports in the firewall and turning off system logging.
SecureMac, which specialises in making anti-spyware software for Mac PCs, reports that miscreants have published multiple variants of the Trojan on a hacker-controlled website. Hackers on the site are discussing the possible distribution of the Trojan through the iChat instant messaging client and Limewire file sharing software.
The Trojan comes packaged either as a compiled AppleScript, called ASthtv05, or as an application bundle, weighing in at around 3.1 MB. Despite the use by the Trojan of a recently-discovered Apple Mac vulnerability, users need to download and open the Trojan horse before they become infected. ®
Free whitepaper – Airport insecurity: the case of lost laptops
Optimizing the data center for cost and efficiency
Out-of-box comparison between Dell, HP, and IBM blade servers
Systems management simplified
Total cost of ownership of Dell, HP and IBM blade solutions
SharePoint Server 2007 Server Farm Use Case