June 23, 2008

OS X Trojans in wild: beware of geeks bearing gifts

Posted Jun. 23, ’08, 9:05 AM PT by Dan Moren
Category | Security

You know, it’s kind of a shame that those poor guys from Troy have only ended up being remembered as the people the Greeks beat the tar out of. I mean, I’m sure they accomplished plenty in their lengthy history that would have been worthy of notice and study, but you fall for one giant wooden horse and whoosh—that’s anything anybody ever remembers.

So, it seems a pair of Trojan Horses (technically, shouldn’t they be Greek horses, anyway?) targeting OS X have been identified and, worse, have actually been found in the wild. The first, an AppleScript called ASthtv05 (because that’s a clever name that makes people want to download it—these guys need to take lessons from phishers or advertising execs or something—seriously, you might as well call it NastyTrojanHorse78), has been popping up on file-sharing service LimeWire and elsewhere. Once downloaded and run, the script will allow remote access to your Mac and can even provide usernames and passwords; in addition, it can activate file sharing and log keystrokes (it seems as though it takes advantage of the Apple Remote Desktop vulnerability Derik mentioned last week—if you don’t use ARD regularly, it might be worth archiving and removing it, as Derik describes in the above post).

The second Trojan, the more cleverly named “PokerGame”, prompts you for your admin password when run, claiming a preference file corruption (something you wouldn’t need an admin password for, though many users may be unaware of this). It’ll then start ssh and send your username, password hash, and IP address to a server, allowing the hackers to potentially crack your password if it isn’t very robust.

As always, we here at MacUser remind you to practice safe computing. The best way to avoid a Trojan is common sense: be careful about what programs you download and open. And before we get to the freakout stage, let’s just quickly revisit the malware scoreboard: that’s OS X: 2, Windows: eleventy bajillion. Feel better?


5 Comments

Ret said:

I’m sure they accomplished plenty in their lengthy history that would have been worthy of notice and study...

I've been told that a few Trojan survivors founded Rome. Oops.

Goobi said:

Hmm... So the first one doesn't require an admin password to be executed? Then it is serious. I hope Apple fixes those holes or whatever it is that is allowing these Greek horses access...

John said:

Those people, such as the author -- who seek reassurance by looking at the small number of OSX viruses -- miss the point that, with Windows, there is the widespread safety net of anti-virus software. Whereas, with OSX, as more of these Trojans are produced, once the user clicks the button, there is seemingly no remedy. After all, articles such as this contribute to the Mac community not using anti-virus software. Can you write an article about what Mac users would do if they did click on one of these Trojans? I'm sure they'd be in a bigger mess than a Windows user, since the Windows user has access to resources for removing these things, whereas Mac users don't.

David Arthur said:

John: These are trojan horses - programmes that do something other than what they say - not viruses that can 'infect' your computer. I don't know the details of what the first one mentioned does, but since the second one's trick is to send out information which might help guess your password, the solution is to delete the programme and change your password.

mao said:

Easy, guys. Both Windows and Mac have been around for a while, and rest assured that these aforementioned stallions will NOT hurt us Mac addicts as much as the viruses that Windows is plagued with.

I have used Macs for 10 years and have heard of many viruses and horses but, as 99.9% of my fellows, have never gotten sick. I wonder if they are real.
