Rare Mac Trojan exploits Apple vuln
PrintiPwned
Posted in Enterprise Security, 23rd June 2008 10:07 GMT
Free whitepaper – Vulnerability management buyer's checklist
A rare Mac OS X Trojan has been spotted on the internet. The AppleScript-THT Trojan horse exploits a vulnerability within the Apple Remote Desktop Agent to load itself with root privileges onto compromised Mac machines.
The malware, which is capable of infecting Mac OS X 10.4 and 10.5 boxes, surrenders control of compromised systems to hackers.
Keystroke logging on compromised systems, taking pictures (using the built-in Apple iSight camera) or capturing screenshots are among the hacker exploits enabled by the malware, Mac security outfit SecureMac reports. The malware weaves its malicious spell while attempting to remain undetected by opening ports in the firewall and turning off system logging.
SecureMac, which specialises in making anti-spyware software for Mac PCs, reports that miscreants have published multiple variants of the Trojan on a hacker-controlled website. Hackers on the site are discussing the possible distribution of the Trojan through the iChat instant messaging client and Limewire file sharing software.
The Trojan comes packaged either as a compiled AppleScript, called ASthtv05, or as an application bundle, weighing in at around 3.1 MB. Despite the use by the Trojan of a recently-discovered Apple Mac vulnerability, users need to download and open the Trojan horse before they become infected. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive