[Swordmaker]

MAc malware FUD article from the Houston Chronicle—PING!

It's the fault all of those "security-clueless" Windows to Mac switchers...

Mac FUD Ping!

If you want on or off the Mac Ping List, Freepmail me.

[rabscuttle385]

In other words, these users' bad computing habits are a major cause of their own woes.

Ay yi yi. Tech ping!

[Swordmaker]

The "OSX/Hovdy-A Trojan" referred to in the article has never been seen in the wild. In fact, it is not even a proof-of-concept malware.

As reported here on FR, Hovdy-A was merely a discussion in a hackers forum about how malware writers MIGHT exploit a newly found vulnerability in OSX. They postulated that it might be included in an Applescript that someone might download... another suggested that it be put into an Application—he suggested a Poker game. Some even went so far as to write some sample scripts... none of which were actually workable.

The list of things that Hovdy-A "does":

• disable system logging and delete system log files
• start PHPShell and web server
• start ARD, VNC and SSH services
• disable system updates
• open ports in the firewall
• disable third party security software
• install LogKext keylogger
• steal various password hashes and keys which may be used to compromise other systems

was merely speculation offered by various comments on the thread about the ARDAgent vulnerability. The fact is that it does NONE of those things.

The last comment in the Sophos listing for OSX.Hovdy-A, "OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access," is particularly funny—it is ONLY through exploiting the ARDAgent;s permission to run as ROOT would it be able do ANY of the preceding list items!

If this "trojan" could do all of what was listed, it would have garnered a far higher threat rating than "slightly-higher-than-low."

The vulnerability can be negated by simply moving ARDAgent to another directory, renaming ARDAgent, changing the permissions of ARDAgent, or merely running ARDAgent for yourself.

[tubebender]

I picked up some kind of persistent pop up on my 6 month old iMac from a eMail link to a you tube video yesterday and I had to do a force quit of my Camino browser. I should have written down what it said but it claimed it was a anti adware for windows XP and I don't have MSFT on my box.

The wording was poor grammar similar to the “All your bases are belong to us”

[ShadowAce]