Mac Trojan Vulnerability on OSX 10.4 & 10.5
Posted: Thu Jun 26, 2008 3:38 pm
more info, how to protect(what everyone already knows of course), etc.The Macintosh platform is again under attack by malicious code writers. This time, it's a Trojan horse that could compromise machines running Mac OS X 10.4 or 10.5.
Antivirus firm SecureMac claims to have discovered multiple variants of a Trojan horse being distributed from a hacker Web site. The site hosts a discussion on distributing the Trojan horse through iChat and Limewire.
The Trojan, distributed as either a compiled AppleScript called ASthtv05 or as an application bundle called AStht_v06, exploits a recently discovered vulnerability with the Apple Remote Desktop agent. The ARD allows the Trojan to run as root.
According to SecureMac, the Trojan runs hidden on a Mac and allows a malicious user complete remote access. The Trojan can transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging. The AppleScript version, SecureMac reported, can also log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing.
