/v3-uk/news/1962317/twin-trojans-attack-macs
21 Jun 2008, Shaun Nichols, V3
Security researchers are warning of a crop of new malware threats that have appeared for the Mac OS in recent days.
The outbreak includes two Trojan applications and a publicly disclosed remote code execution vulnerability.
Security firm Intego, which uncovered the Mac DNS Changer Trojan last year, told vnunet.com that it had discovered a new malware threat posing as a poker game.
When the user attempts to launch the 'PokerGame' application a dialog box asks for the machine's administrator password.
When the password is entered, the application executes a script that logs the user's name, password and IP address then uploads the stolen data to a remote server.
An attacker would then have the ability to remotely access and control the system, according to Intego.
Separately, Intego disclosed a vulnerability in OS X's Remote Management agent which could allow an attacker to remotely execute code with the privileges of the current user.
A spokesperson told vnunet.com that the issue has been reported to Apple and that no attacks in the wild have been reported as yet.
Security vendor SecureMac reported another OS X Trojan which is distributed as an AppleScript known as ASthtv05, or bundled as an application under the name AStht_v06.
When executed, the script allows an attacker to remotely access the user's iSight camera, log keystrokes, retrieve screenshots and manipulate file sharing settings.
The reports mark the first new malware threats for the Mac OS since November 2007, when a DNS changer Trojan was spotted posing as a video codec.
Security has long been a top selling point for Apple, as Mac malware has been seen as virtually nonexistent in comparison to the hundreds of thousands of malicious apps currently threatening Windows.
Intego and SecureMac recommend that users follow best practice by not opening unsolicited or suspicious files.
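As an added illustration (not from the article or from either vendor), the decision a per-application outbound filter makes when a process such as the 'PokerGame' application described above tries to upload data: a process with no rule triggers a prompt, a known process contacting a host outside its rule is blocked. The process names, hosts and allowlist are constructed for the example.

```python
"""Per-application egress allowlisting: the policy model an outbound filter applies."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:
    process: str    # application opening the socket
    host: str       # destination host or address
    port: int
    bytes_out: int  # bytes already sent (constructed sample data)

# Hypothetical allowlist (an assumption for this example, not any real policy).
ALLOWLIST = {
    "Safari": {"*"},
    "Mail": {"imap.example.net", "smtp.example.net"},
    "SoftwareUpdate": {"swscan.apple.com"},
}

def verdict(conn, allowlist=ALLOWLIST):
    """Return 'allow', 'ask' or 'block' for one outbound connection.

    'ask' is the interactive prompt shown for a process with no rule at all;
    'block' is used when a known process contacts a host outside its rule.
    """
    allowed = allowlist.get(conn.process)
    if allowed is None:
        return "ask"    # first outbound attempt by an unknown app, e.g. a freshly launched 'game'
    if "*" in allowed or conn.host in allowed:
        return "allow"
    return "block"

def review(conns, allowlist=ALLOWLIST):
    """List the connections that were not silently allowed, largest upload first."""
    flagged = [(verdict(c, allowlist), c) for c in conns]
    flagged = [(v, c) for v, c in flagged if v != "allow"]
    return sorted(flagged, key=lambda vc: vc[1].bytes_out, reverse=True)

# Constructed sample traffic: an unknown 'PokerGame' process uploading data right after launch.
SAMPLE = [
    Connection("Safari", "www.example.com", 443, 512),
    Connection("Mail", "imap.example.net", 993, 2048),
    Connection("PokerGame", "203.0.113.7", 80, 4096),  # TEST-NET-3 placeholder address
    Connection("Mail", "203.0.113.7", 80, 64),
]

if __name__ == "__main__":
    for v, c in review(SAMPLE):
        print(f"{v:5} {c.process:12} -> {c.host}:{c.port} ({c.bytes_out} B out)")
```

Such a filter runs on the same host, so an application that has already obtained the administrator password could disable it; the prompt helps most at the first connection attempt, before that happens.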
Thud!
And I'm sure all 2 people that have actually been infected are hopping mad.
My worry level of getting infected? Zero.
Posted by Dester Wallaboo, 20 Jun 2008
Remote access??
In order for the first Trojan to work the script would be required to change File Sharing and Firewall settings, even then, if the Mac is on a routered network, getting by the NAT could stop them if more than one router is used and default settings are changed. Doesn't sound like a BIG threat, nor worth the effort to build.
Posted by Lee, 20 Jun 2008
Traffic monitoring as prevention?
Would a utility like Little Snitch be able to detect the outgoing traffic and give you a chance to stop the uploading of your info?
Posted by Doc Tagle, 21 Jun 2008
None in the wild...
Just more false reporting just to sell virus software. NONE of these 2 strains have been found in "the wild", they are just proof of concept, but nobody in the Mac world could be infected without lots of effort on the part of the User.
Yawn...
Posted by OS14, 21 Jun 2008
Well, if the user is that stupid...
If a user is stupid enough that he launches an app as an administrator that obviously shouldn't be, he gets what he deserves. Honestly, users need to be more educated about the user/administrator setup so that they don't do stupid things like this. Unfortunately, Windows has set a bad example all these years and many casual users are too uneducated about these things that this stuff is allowed to happen.
Posted by Ruel Smith, 21 Jun 2008