 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Drive-by downloads danger from new Mac Trojan: Symantec
Our Blogs Core Dump Drive-by downloads danger from new Mac Trojan: Symantec | Drive-by downloads danger from new Mac Trojan: Symantec |
|
| by Stephen Withers | |
| Tuesday, 24 June 2008 | |
|
Page 2 of 3 More information has been revealed about the Asth/Hovdy Trojan, and it seems it does not rely on Apple Remote Desktop to do its dirty deeds.These include disabling system logging and deleting system log files, disabling third-party security software and system updates, and opening certain firewall ports. If it finds itself running on a system without Apple Remote Desktop software (it only became a standard part of the operating system in version 10.5), it installs a third-party VNC server to provide equivalent functionality. The Trojan also installs PHP if necessary; starts PHPShell, ARD or VNC, and ssh; and grabs password hashes that could be cracked to gain access to other systems. Variations of Astht/Hodvy may also install a keystroke logger, activate the iSight camera, capture the contents of the Mac's screen, and turn on file sharing. The Trojan attempts to use a privilege escalation vulnerability in Apple Remote Desktop. The underlying issue appears to be that Apple Remote Desktop runs as root in order to perform system update function, and it also supports AppleScript to allow remote management tasks to be automated. Can anything be done about that? See page 3. |
| < Next story in category | Previous story in the category > |
|---|
