Apple in Trojan Warning
With the popularity of Apple's Mac computers rising steadily, dangerous malware, viruses and Trojans are now being targeted at the OS X operating system. The most recent indication of the growing problem came courtesy of a security advisory released by SecureMac, warning that multiple variants of a new Trojan horse are ready to run wild all over OS X 10.4 and 10.5.
SecureMac has noted that while the Trojan, which is based on AppleScript and currently called “ASthtv05,” is only being distributed by a hacker website at this point, discussions have been asking how it could spread more widely.
Up till now, the Mac has been pretty much safe from the viruses, Trojans and security vulnerabilities that have often overrun Windows-based PCs. This new Trojan, however, is giving some serious cause for concern.
Nicholas Raba, president of SecureMac, said, “We classified this risk as critical. The reason is that it takes advantage of an exploit that was discovered for Apple’s operating system, the Apple Remote Desktop Agent, which allows the user to escalate privileges to root. This Trojan takes advantage of that, therefore it doesn’t need to enter any administrative user names or passwords - it bypasses all of that. Once it’s launched, it gains root privilege.”
SecureMac gave a brief on what the Trojan does to an Apple system: “The Trojan runs hidden on the system, and it allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file-sharing.”
The 60 kilobyte ASthtv05 Trojan is distributed as either a compiled AppleScript or as an application bundle called “AStht_v06”, which is 3.1 MB in size. The user must download and open the Trojan in order for their Mac to become infected. Once running, the Trojan moves itself into the /Library/Caches/ folder and adds itself to the System Login Items.
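As an added example (not from SecureMac or the original article), a defender could check for the persistence behaviour described above by parsing a login items plist and flagging entries that launch from /Library/Caches/. It assumes login items are stored in the `AutoLaunchedApplicationDictionary` array of `loginwindow.plist`, as on OS X 10.4 and 10.5; the sample plist and the item names in it are constructed.

```python
import plistlib
import posixpath

# Constructed sample in the loginwindow.plist layout (assumption: login items
# live in AutoLaunchedApplicationDictionary as dicts with Path and Hide keys).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AutoLaunchedApplicationDictionary</key>
  <array>
    <dict><key>Hide</key><false/>
          <key>Path</key><string>/Applications/iChat.app</string></dict>
    <dict><key>Hide</key><true/>
          <key>Path</key><string>/Library/Caches/example_item.app</string></dict>
    <dict><key>Hide</key><false/>
          <key>Path</key><string>/Library/caches/../Caches/other.scpt</string></dict>
  </array>
</dict>
</plist>"""

WATCHED_DIR = "/Library/Caches"  # location named in the article


def suspicious_login_items(plist_bytes, watched_dir=WATCHED_DIR):
    """Return login items whose normalized path sits under watched_dir."""
    data = plistlib.loads(plist_bytes)
    prefix = watched_dir.lower() + "/"
    hits = []
    for item in data.get("AutoLaunchedApplicationDictionary", []):
        path = item.get("Path") if isinstance(item, dict) else None
        if not isinstance(path, str):
            continue  # malformed entry, nothing to compare
        # Collapse "../" tricks; compare case-insensitively because the
        # default HFS+ volume format is case-insensitive.
        norm = posixpath.normpath(path)
        if norm.lower().startswith(prefix):
            hits.append({"path": norm, "hidden": bool(item.get("Hide", False))})
    return hits


if __name__ == "__main__":
    for hit in suspicious_login_items(SAMPLE_PLIST):
        print("login item launches from cache folder:", hit)
```

A hit is only a lead for manual review: a cache folder is an unusual place for a login item to launch from, but the check does not identify the Trojan itself.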
Sounds pretty worrying for Mac users.
“As more users are switching over to the Mac environment, so are the researchers,” Raba said.
“As far as a wake-up call, this definitely shows that people are out there researching it. There are 47 pages of discussion on this Trojan. The source code is available for it, so we know we are going to see variants of it - once you make the source code available, people come up with new ideas for it, and you’ll see an instant spread,” he added.
While SecureMac's own product, MacScan 2.5, will detect and remove the Trojan, users will wonder if Apple can patch this problem.
“The script itself uses an exploit in Apple’s operating system — I’m sure they will patch it in a timely manner,” Raba said, noting that the original post was made to Slashdot, which means that Apple didn’t get a vendor heads-up on the issue ahead of time. Some security researchers - as opposed to outright “hackers” - will either alert vendors of problems or attempt to sell the problem for profit.












