Trojan horse affects Mac OS X 10.4 and 10.5

7 Comments

by Doug Aamoth on June 20, 2008

TrojanHorseMythImage

Head’s up. SecureMac has discovered a new Trojan horse floating around that affects users of Mac OS X, versions 10.4 and 10.5. It’s “currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.” Here’s more…

“The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.

The Trojan is distributed as either a compiled AppleScript, called ASthtv05 (60 KB in size), or as an application bundle called AStht_v06 (3.1 MB in size). The user must download and open the Trojan horse in order to become infected. Once the Trojan horse is running, it will move itself into the /Library/Caches/ folder, and add itself to the System Login Items.”

SecureMac is recommending people to run MacScan 2.5.2 (one of the company’s own products) but it’d stand to reason that other security software would be updated to address the threat by now. Happy computing and be careful!

Comments

TheHoldSteady - June 20th, 2008 at 1:16 pm GMT+5

Where is your black-turtlenecked god now?

Chuck - June 20th, 2008 at 7:02 pm GMT+5

PC DUDE to MAC DUDE – “Welcome to the party pal”

Uway - June 20th, 2008 at 7:49 pm GMT+5

well at least it doesn’t open on its own and attack your machine. you still have to download it and open it.

joe - June 22nd, 2008 at 2:33 am GMT+5

windows viruses require that you download them and open them aswel dipshit

reply
- Jeremy - June 22nd, 2008 at 12:37 pm GMT+5
  
  Really, Joe? I’m glad we can all surf the web with the knowledge that our Windows machines are completely safe so long as we don’t download and install the wrong files. No one would ever inject a self installing trojan into a Facebook or Myspace page or a banner advertisement. Nuh uh.
  
  reply

Vincent - June 20th, 2008 at 8:15 pm GMT+5

if that all the problems Mac has that’s nothin

Jim - June 22nd, 2008 at 4:47 am GMT+5

Well at least it’s already been addressed by various anti virus programs.

TheHoldSteady - June 20th, 2008 at 1:16 pm GMT+5

Where is your black-turtlenecked god now?

Chuck - June 20th, 2008 at 7:02 pm GMT+5

PC DUDE to MAC DUDE – “Welcome to the party pal”

Uway - June 20th, 2008 at 7:49 pm GMT+5

well at least it doesn’t open on its own and attack your machine. you still have to download it and open it.

- joe - June 22nd, 2008 at 2:33 am GMT+5
  
  windows viruses require that you download them and open them aswel dipshit
  
  - Jeremy - June 22nd, 2008 at 12:37 pm GMT+5
    
    Really, Joe? I’m glad we can all surf the web with the knowledge that our Windows machines are completely safe so long as we don’t download and install the wrong files. No one would ever inject a self installing trojan into a Facebook or Myspace page or a banner advertisement. Nuh uh.
    
Vincent - June 20th, 2008 at 8:15 pm GMT+5

if that all the problems Mac has that’s nothin

Jim - June 22nd, 2008 at 4:47 am GMT+5

Well at least it’s already been addressed by various anti virus programs.

Comments

Leave Comment

Commenting Options

Name*
Email*
Website