Dastardly duo of Mac OS X Trojan threats on the loose in the wild
by Stephen Withers
Monday, 23 June 2008
Page 2 of 2

The other Trojan is known as Astht, short for AppleScriptTHT. The problem here is that the Apple Remote Desktop software (part of Mac OS X) can be tricked into executing code as root.

At least two variations of Astht have been detected in the wild. Their capabilities include keystroke logging, activating the iSight camera, taking screenshots, and turning on file sharing. Symantec and other security vendors have issued advisories about Astht without describing its purported function.

An unofficial workaround to protect against Astht is to remove setuid from ARDAgent (e.g., sudo chmod -s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent), although this could interfere with legitimate use of Apple Remote Desktop for remote system administration.

Although these threats are Trojans and therefore rely on users running them (as opposed to nastier forms of malware that exploit software vulnerabilities to get their hooks into systems without user involvement), they show that Mac OS X is getting more attention from the malware merchants. Sensible users will take these developments as a wake-up call and review their security practices.
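A check for the ARDAgent workaround described above, as an added example that is not part of the original article: it reports whether a binary still carries the setuid bit and is owned by root. The ARDAgent path is the one quoted in the article; the function names (owner_uid, setuid_state, audit_setuid) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether the setuid workaround is in place.
# Default target is the ARDAgent path quoted in the article.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# Print the numeric owner uid of a file (ls -ln works on macOS and Linux).
owner_uid() {
    ls -lnd "$1" | awk 'NR==1 {print $3}'
}

# Classify a path as: missing | clear | setuid-root | setuid-other
setuid_state() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "missing"
    elif [ ! -u "$path" ]; then
        echo "clear"
    elif [ "$(owner_uid "$path")" = "0" ]; then
        echo "setuid-root"
    else
        echo "setuid-other"
    fi
}

# Report on a target; return non-zero only while it is still setuid root.
audit_setuid() {
    target="${1:-$ARDAGENT}"
    state=$(setuid_state "$target")
    case "$state" in
        setuid-root)
            echo "EXPOSED: $target is setuid root; workaround not applied"
            return 1 ;;
        setuid-other)
            echo "NOTE: $target is setuid but not owned by root"
            return 0 ;;
        clear)
            echo "OK: $target has no setuid bit"
            return 0 ;;
        *)
            echo "SKIP: $target not found"
            return 0 ;;
    esac
}
```

Source the file and run audit_setuid with no arguments to check the ARDAgent path, or pass another path to check a different binary; the non-zero return makes it usable in a periodic compliance check.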