New Mac OS X Trojan horse identified
Monday, June 23, 2008 - 04:30 PM EDTThe OSX/Hovdy-A Trojan horse, which relies on the user giving it permission to install itself, is an attempt to steal passwords, open firewall to give access to hackers, and disable security settings.
The Hovdy-A Trojan horse takes advantage of a vulnerability in Apple's Mac OS X operating system, affecting the Apple Remote Desktop Agent (ARDAgent), to gain root access. Once the user has given permission and installed the OSX/Hovdy-A Trojan horse, the hacker can gain complete control of the compromised Macintosh - covering its tracks by disabling system logging.
This Trojan horse relies on the user giving it permission to install. Using social engineering techniques, the Trojan horse could be disguised as a game, a video codec, etc.
When run the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:
- disable system logging and delete system log files
- start PHPShell and web server
- start ARD, VNC and SSH services
- disable system updates
- open ports in the firewall
- disable third party security software
- steal various password hashes and keys which may be used to compromise other systems
OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.
More info via Spohos here.
MacDailyNews Note: As always, do not download, authorize, and install software from unknown, untrusted Websites or any other sources.
MacDailyNews and iPodDailyNews are Apple Store affiliates and if you buy something from the Apple Store within 24-hours after clicking any one of our Apple Store ads, we will receive an affiliate percentage from Apple. There is no extra cost to you. Canadians please use this link: Apple Store Canada. Thank you in advance for helping to support MacDailyNews and iPodDailyNews.
Apple Store Advertisements:
• Buy a Mac for college and get a free iPod touch. Hurry! Expires 9/15.
• iPod touch. The funnest iPod ever. Starting at $229. Free Shipping.
• iPod nano. New design. New features. Starting at $149. Free shipping.
• The all-in-one iMac. Now at speeds up to 3.06GHz. Free shipping. From $1199.
• The more powerful Macbook Pro. Latest Intel Core 2 Duo, Multi-Touch trackpad, and more. From $1999.
• MacBook. Now even Faster. Featuring Intel Core 2 Duo up to 2.4GHz. From $1099.
• Visit the Apple Store today. Free ground shipping on all orders over $50.
MacDailyNews on Twitter
Related articles:
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users - March 29, 2008
The Wall Street Journal blows it, calls simple trojan a ‘Mac virus’ in headline - November 02, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version - November 01, 2007
Warning: Mac OS X Trojan Horse making the rounds - October 31, 2007
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless - February 20, 2006
Mac OS X so-called Trojan horse ‘exaggerated FUD to sell security software, a non-issue’ - April 10, 2004
= 
Let FUD begin!