Trojan For Mac OS X 10.4, 10.5 Found

[CadCrazy]

SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire.
The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.




Read more ---------

[praka123]

question is whether the so called trojan can reach a root access? NO? then this trojan is a waste

[CadCrazy]

To tume kya lagta hai ki ye Secure Mac wale kya Kerela ke kabari bazar se aaye hain kya

[goobimama]

Quote:

To protect your system against this threat, run MacScan 2.5.2 (MacScan is a product of SecureMac) with the latest Spyware Definitions update (2008011), dated June 19th, 2008. SecureMac recommends that users download files only from trusted sources and sites.

Seems to me like they want to sell something here...

[CadCrazy]

Ya thats what all av companies do. I think they are making others(hell bent society) thinking to write crapware for mac

[nepcker]

http://www.ambrosiasw.com/forums/ind...owtopic=102379

You cannot be infected by this unless you do all of the following:

1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file

2) Double-click on the file to decompress it

3) Double-click on the resulting file to "open" it

...and then for non-Admin users, it fails to infect most applications.

You cannot simply "catch" the virus. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, and then open it.

A few important points

-- This should probably be classified as a Trojan, not a virus, because it doesn't self-propagate externally (though it could arguably be called a very non-virulent virus)

-- It does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system

-- If you're not running as an admin user, it will silently fail to infect most applications

-- It doesn't actually do anything other than attempt to propagate itself via iChat, and then only via Bonjour! (aka "Rendezvous) -- it does not sent itself over the Internet, rather just to your local Bonjour user list

-- It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching

-- It's not particularly sophisticated

--I'd really be tempted to call this thing a non-event; it's poorly written, can't spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all--

A good rule of thumb is: if your user account allows you to install an application without entering your password, then this trojan/virus can modify (infect) that application without you entering a password. Regardless, it can install the "apphook" InputManager portion of its payload no matter what type of user account you have (admin or non-admin).

To be on the safe side...

DO NOT DOWNLOAD OR RUN THIS FILE



See the link for details.......