 Security Firm Reports Trojan Targets Macs |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Jun 29 2008, 04:17 AM
Post
#1
|
|
 Forum Regular  Group: HJT Junior Classmen Posts: 316 Joined: 27-April 08 From: California USA Member No.: 205,650  |
Security researchers reported recently that they have spotted a Mac Trojan horse in the wild that could compromise machines running Apple Inc.'s Mac OS X 10.4 or 10.5. Last week, SecureMac, a Mac-specific vendor of antivirus tools, posted an alert saying that its researchers had found a Trojan horse, dubbed "AppleScript.THT," being distributed from a hacker-operated site where discussions of spreading the malware via iChat, Apple's instant messaging and video chat software, were also taking place. The company classified the threat posed by the Trojan as "critical." The malware exploits a recently publicized vulnerability in the Apple Remote Desktop Agent (ARDAgent), part of Tiger's and Leopard's Remote Management component. Composed as a compiled AppleScript, or in another variant, script bundled into an application, the Trojan leverages the ARDAgent bug to gain full control of the victimized Mac. "[It] allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging," claimed SecureMac. "Additionally, the Trojan can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing." SecureMac's warning came one day after an anonymous reader disclosed a few details of the ARDAgent vulnerability on Slashdot, and on the same day that rival security vendor Intego provided more information about the bug. Malicious AppleScript, said Intego, can call ARDAgent, which then gives that script full "root" access to the system. "When an application enables a root privilege escalation of this type, any malicious code that is run may have devastating effects. These may range from deleting all the files on the Mac to more pernicious attacks such as changing system settings and even setting up periodic tasks to perform them repeatedly," Intego's warning read. Like any Trojan horse, AppleScript.THT does not spread on its own but relies on user actions, such as downloading and launching, to infect a machine. Trojans can also be silently introduced on a computer if it's injected after a successful attack using another vulnerability, such as a browser bug. Some researchers downplayed the threat. Thomas Ptacek of Matasano Security LLC, a New York-based security consultancy, said the ARDAgent vulnerability wasn't much of a concern. "Who cares if someone busts root on your Mac?" Ptacek said in a Thursday entry on the Matasano blog. "It's a single-user system. I'll let you in on a Matasano state secret: if you break [my user] account, I'm in trouble. If you're malware and just trying to spread, or redirect my browser to phishing pages, you're wasting your time with this 'root' silliness." Ptacek and others have noted that users can protect themselves by removing ARDAgent from its normal location, which is System/Library/CoreServices/RemoteManagement, and archiving the application. http://www.pcworld.com/businesscenter/arti...rgets_macs.html -------------------- "Obstacles are what you see when you take your eyes off your goals"
 |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 5th December 2008 - 11:42 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.