Intology - Intelligent Technology News


Mac under attack from two in-the-wild trojans

June 22nd, 2008 by Kiyani



Two security firms have reported that two rare but dangerous in-the-wild trojans are attacking the Mac operating system.

According to security firm Intego, the first and more dangerous is a rare trojan that affects Mac OS X versions 10.4 and 10.5.

The vulnerability it exploits allows malicious programs to execute code as root when run locally or via a remote connection. It takes advantage of the fact that ARDAgent, a part of the Remote Management component of Mac OS X 10.4 and 10.5, has the setuid bit set.

Another security firm, SecureMac, reported that the trojan is currently being distributed through a hacker website, but that there are plans to deliver exploits through applications such as iChat or LimeWire. The company's advisory said:

The trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging.

There are cases where this exploit does not work. If a user has turned on Remote Management in the Sharing pane of System Preferences under Mac OS X 10.5, or if a user has installed Apple Remote Desktop client under Mac OS X 10.4 or earlier and has activated this setting in the Sharing preferences, the exploit will not function.
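The setuid-root condition described above is something an administrator can audit for. The following is an added example, not code from Intego, SecureMac or Apple: it walks a directory tree and reports setuid files owned by root that are not in a reviewed baseline. The function names and the baseline file (one reviewed path per line) are assumptions made for illustration.

```python
import os
import stat
import sys

def is_setuid_root(mode, uid):
    """True for a regular file that runs with root's privileges for any caller."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID) and uid == 0

def find_setuid(root):
    """Yield (path, owner_uid, mode) for every setuid regular file under root."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # unreadable, or removed while the walk was running
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                yield path, st.st_uid, st.st_mode

def audit(root, baseline):
    """Return setuid-root files under root that are absent from the baseline."""
    findings = []
    for path, uid, mode in find_setuid(root):
        if is_setuid_root(mode, uid) and path not in baseline:
            findings.append((path, stat.filemode(mode)))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: script.py [root_dir] [baseline_file]
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    baseline = set()
    if len(sys.argv) > 2:
        # Hypothetical baseline file: one already-reviewed path per line.
        with open(sys.argv[2]) as fh:
            baseline = {line.strip() for line in fh if line.strip()}
    for path, perms in audit(root, baseline):
        print(perms, path)
```

Running it periodically against the same baseline shows when a setuid-root binary appears or changes location, which is the precondition the first trojan relies on.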

Intego also reported another trojan posing as a poker game. When the user attempts to launch the application, simply titled ‘PokerGame’, a dialog box appears asking for the machine’s administrator password. When the password is entered, the application executes a script that logs the user’s name, password, and IP address, then uploads the stolen data to a remote server.

Joel Esler, a handler with the SANS Internet Storm Center, told SCMagazineUS on Friday that there have been previous Mac trojans in the wild, but all have required a password to run.

You don’t have to say, ‘OK, I allow you to run,’ with this one. You just double-click on it and execute it.

Still, he said users should not worry.



Categories: Computers/Internet


1 response so far

  • 1 surf ~ Jun 23, 2008 at 2:37 am

    Nice post. Posted this link in http://www.surfurls.com. It's a social bookmarking site.
