![]() To protect your system against this threat, run MacScan 2.5.2 (MacScan is a product of SecureMac) with the latest Spyware Definitions update (2008011), dated June 19th, 2008. Until a patch is issued for the Apple Remote Desktop Agent exploit, SecureMac classifies the security risk presented by this Trojan horse as high. If the filename of the Trojan horse has not been changed, it can be located in the /Library/Caches folder under the name AStht_06.app. Once installed, the Trojan horse turns on File Sharing, Web Sharing, and Remote Login. Once the Trojan horse is running, it will move itself into the /Library/Caches/ folder, and add itself to the System Login Items. The user must download and open the Trojan horse in order to become infected. The Trojan is distributed as either a compiled AppleScript, called ASthtv05 (60 KB in size), or as an application bundle called AStht_v06 (3.1 MB in size). The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. The source code for the Trojan horse has been distributed, indicating an increased probability of future variants of the Trojan horse. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire. SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. AppleScript.THT Trojan Horse – Mac OS X New OS X Trojan Horse in the WildSecureMac Security Advisory
0 Comments
Leave a Reply. |