Posted on 06/20/2008 10:10:44 PM PDT by Swordmaker
Security researchers are warning users of a crop of new malware threats that have appeared for the MacOS in recent days.
The outbreak includes two Trojan applications and a publicly disclosed remote code execution vulnerability.
Security firm Intego, which last fall uncovered the Mac 'DNS Changer' trojan, told vnunet.com that it had discovered a new malware threat posing as a poker game.
According to Intego, when the user attempts to launch the application, simply titled 'PokerGame', a dialog box appears asking for the machine's administrator password. When the password is entered, the application executes a script that logs the user's name, password, and IP address, then uploads the stolen data to a remote server.
An attacker would then have the ability to remotely access and control the system, says Intego.
Separately, Intego disclosed a vulnerability in OS X's Remote Management agent which could allow an attacker to remotely execute code with the privileges of the current user. A spokesperson told vnunet.com that the issue has been reported to Apple and no attacks in the wild have been reported as yet.
Meanwhile, fellow security vendor SecureMac reported another OS X trojan. The attack is distributed either as an AppleScript known as ASthtv05, or bundled as an application under the name AStht_v06. When executed, the script will allow an attacker to remotely access the user's iSight camera, log keystrokes, retrieve screen shots and manipulate file sharing settings.
The reports mark the first new malware threats for the MacOS since last fall when a DNS changer trojan was spotted posing as a video codec. Security has long been a top selling point for Apple, as Mac malware has been seen as virtually nonexistent in comparison to the hundreds of thousands of malicious apps currently threatening Windows.
In addition to their own security software, both Intego and SecureMac recommend that users follow best practices of not opening unsolicited or suspicious files.
Don’t knock complicity of the user as a method of trading viruses. Iloveyou needed the user to double click on it and hit 10% of the computers on the net. People are always the biggest security hole.
From what I have been able to find, it is a vulnerability being discussed primarily on a couple of hacker sites; the "exploits" are suggested means of deployment being bantered back and forth between the hackers and not existing threats. Some hackers have assembled AppleScripts that if run MIGHT do something.