A rare Mac OS X Trojan has been spotted on the internet. The AppleScript-THT Trojan horse exploits a vulnerability within the Apple Remote Desktop Agent to load itself with root privileges onto compromised Mac machines. The malware, which is capable of infecting Mac OS X 10.4 and 10.5 boxes, surrenders control of compromised systems to hackers. Keystroke logging on compromised systems, taking pictures (using the built-in Apple iSight camera) or capturing screenshots are among the hacker exploits enabled by the malware, Mac security outfit SecureMac reports. The malware weaves its malicious spell while attempting to remain undetected by opening ports in the firewall and turning off system logging.

Whoosh!
I think that covers most of the comments that this thread will contain
+1!
Can't wait till there's thousands of mac viruses out, shut all those bloody annoying 'my mac is godlike' prats
Keep waiting. People have been rubbing their hands gleefully saying "I can't wait!" since before 2004, when we also had trojans for OS X.
But at least we'll all make a note that you're waiting.
It looks like the wait is up.
...and so it starts!
You hit the nail right on the head there!
Then notice that Trojans have been around for OS X for years.
Not only is this nothing new, it's not even a virus.
People tend to assume that "OS X" and "virus" in the same breath = tragedy. Most of the time it's just a lot of smoke blown around by a security co. that has an interest in selling Mac users what they don't need.
When the Real Thing rolls around, then you can laugh all you like and point fingers. It'll be justified then.
I can laugh and point fingers all I want. After all, I'm not the one that drank the Kool-Aid.
I will say that Windows is typically more susceptible to a Trojan because its users are more likely to be running as Admins. However, admin or not any user has access to the computer's TCP/IP stack and the user's data files. Maybe a Trojan can't crash your computer if you are not an admin but it can email everyone from your address list and delete all your files. Mac users are far more safe because the system is less targeted than Windows, just don't let yourself fall into foolish complacency, or as GrayWolf so eloquently said--drink the Kool-Aid.
Haha nice comeback! The mac doesn't have VIRUSES it just has TROJANS!
Gosh well sorry for our big mistake there, I mean, geez Trojans, they are not only harmless but fun!
Uh, yeah, what I really mean is, you're stupid.
Now that you have Vista and XP SP3.
Finally.
There was nothing wrong with Windows 2000. In fact, that still has more market share than OS X. And yes, I did just pull that out of my ass.
Obviously, you didn't read the entire post or even the original article.
The Trojan mentioned uses the reported exploit to GIVE ITSELF ROOT.
Left out that little detail, eh?
If the said trojan is able to grant itself root / su / sudo rights, then no level of user security is going to matter.
And so have Viruses
The important difference of definition between a Virus compared to a Trojan is... a Trojan does not have the ability to distribute itself, while a Virus does. It does not matter whether the file is installed by user incompetence or not.
...and yes so technically at least one Virus I know of does exist for Macs called "OSX/Leap-A", and has existed for over two years now.
Last edited by plastikaa on 24 Jun 2008 - 10:09
"Hello, I am a Mac and I am a PC"
PC: "Mac, what happened to you?"
Mac: "I got a virus"
PC: "lol you are dumb, you got an old virus"
Mac: "*crying*"
I have a mbp and although I haven't had a virus or trojan before I still use an anti-virus, never trust www
I visit a lot of popular mac forums, usually for techy stuff and it's unbelievable how naive and arrogant those mac fan boys are, it's like OS X is superior over any other OS.
since they get all their info from apple and television, they don't even realize their boxes are all pwned
even UNIX is not 100% secure
then apple fanboys say like MacOS is immune and they have applications full of exploits, read "Quicktime"
Not a real virus - need to download.
LOL, it's a Trojan. So what.
Keep trying, though.
(Nothing new, by the way . . . http://www.wired.com/politics/security/new.../11/mac_trojan)
Trojans have been around for OS X for ever!!
Seriously, most of you are Windows users, and you don't even understand what you should be completely familiar with by now.
Last edited by LTD on 23 Jun 2008 - 11:35
Last edited by osirisX on 23 Jun 2008 - 11:37
Having trouble distinguishing between "Trojan" and "Virus"?
Like, how many ways do you want it explained?
This is a trojan, not a virus. And Trojans for OS X are nothing new, either.
A virus takes advantage of flaws in the operating system itself. A trojan takes advantage of flaws in the user of the operating system.
Last edited by osirisX on 23 Jun 2008 - 12:02
This trojan needs to be downloaded and installed by the user to work. The user can do a lot worse to their computer than install a trojan. That is if the user is an idiot.
Even if you are not a lady...you sure seem to have gotten your panties in a twist.
well, yes and no, you've been blinded by steve jobs again. Yes it's a trojan not a virus, yes it does need a user to execute it. But since when is a flaw in remote desktop that allows that trojan to get root privileges not a problem? Get off your high horse LTD, at least admit that this is a serious problem. Every guest on a mac pc can now download that trojan and **** up the entire system, not only his user directory. That's what I like to call, very bad!
Umm....then how do you think a Windows virus spreads? Only a VERY small number of Windows viruses have spread because of a remote exploit, you can count them on one hand. Everything else requires the user to do something stupid.
Here's some logic that you can't argue with. Malware = malware.
Malware exists for the Mac.
Despite what the poorly dressed, unshaven kid on TV tells you.
so what you're trying to say is that the mac has always been just as insecure as every other platform, so what's the big deal?
i agree
A virus takes advantage of flaws in the operating system itself. A trojan takes advantage of flaws in the user of the operating system.
So by your logic, trojans and any other malware that prompts for installation on Windows systems are a non-issue as well?
EARTH TO LTD!
This Trojan pwns your white-box. Majorly, as in GIVING ITSELF ROOT / SU / SUDO rights via the exploit. I can hardly wait to see the pics taken of you with your iLife cam without your knowledge.
Why deny, guy?
btw - My PCs have been 100% virus-free since 1987. Never had a single one. How? By following these rules:
1) NO WAREZ
2) NO PR0N
3) NO CRAKZ
4) 100% Paid-for & Legitimate Software.
5) 100% Virus protected
Umm....then how do you think a Windows virus spreads? Only a VERY small number of Windows viruses have spread because of a remote exploit, you can count them on one hand. Everything else requires the user to do something stupid.
+1.
This is an obvious problem. Seeing as basically everyone I know has a PC (even Mac owners, except sadists who are "loyal" to their "side" of the OS "war"
For example, say Mac has 5% marketshare. 2.5% of the 5% are advanced users who know what they are doing, and the others are noobs. So, take Windows. 95% marketshare, say around 15% are advanced users. It seems sad but it's true, not many people stare at a PC screen for kicks). So that 80% who don't know much about how to use PCs (kids, oldies, casual users), they download crazy stuff that occasionally has a virus in it. Oh no! The actual rate of getting viruses is very slim, for both Mac and PC. But since PC has a much higher (and much lower expertise in its users) marketshare, it is fairly easy to claim, by using math as a resource, that PCs get more viruses.
Having said that, it's sloppy of Apple to have let that slip through and it'll be interesting to see how they respond. They were certainly a bit sluggish when it came to the Safari for Windows 'carpet bombing' issue.
Still, Apple Remote Desktop is most likely doing the rounds on bittorrent, complete with its unwanted guest, so Mac users who think "it'll never happen to me" could be in for a nasty surprise.
PS - I'm not a fanboy of any OS. Gimme a cold beer or a hot woman any day...
Ha-ha! Apple zombies are attacking!
Actually, Vista has had fewer vulnerabilities than OSX since its release.
http://www.youtube.com/watch?v=qB_K66mrZi4
Macs don't get viruses
If so, then duh. Just as vulnerable as okaying a Vista UAC prompt on Vista.
If not, then yes it's a vulnerability, full stop. A script run on the user level that is able to kick itself to root level WITHOUT the user being able to intervene is definitely a vulnerability.
Because tricking stupid users to run them is much easier than reverse engineering operating systems and looking for potential exploits.
I guess the good hackers had grown up and got high-paying jobs as security consultants.
Ok I won't download and run this dodgy program. Saying that, if I ignore the warning OSX gives when I first run it, I give it my password and then I also allow it to access my keychain, it must be a design flaw in OSX.
This isn't much different than giving somebody I don't know the username and password to Remote Desktop, then they can log in and start formatting drives.
Requires admin privileges? No. Requires ARD management software? No, all Apple machines already have ARD agent. Requires ARD to be enabled? Probably.
While I'm not willing to try it, you would have to get some OS message at some point I would suspect. Either the download do you want to run? or the run for first time?
Best thing to do is run Little Snitch, it alerts you every time an app tries to access the internet.
Hmm. A thought: Would software like Little Snitch (for Windows users, think "ZoneAlarm for Mac"
...Think I'm'na do my browsing on my Slackware box for a while.
Viruses: A "program" that infects other files. It can infect other files once loaded into memory by hooking into vital system calls and modifying the contents of newly opened files as they are accessed. It relies on the user opening an infected file to start spreading.
Trojans: A program created with either playful or malicious intent. It requires the user to install it either knowingly or unknowingly. The trojan may be packaged with another legitimate program via a binding application. This program cannot infect other files and therefore cannot spread but the person controlling can upload other viruses, spyware, or malware once connected. It may not be able to bypass firewalls although may try to connect via pre-existing open ports.
Spyware: Spyware is a program that is created to "spy" on a user's activities. It usually provides targeted advertisements to the user based on their activities and reports them back to the company that created it. Spyware may be installed into the machine legitimately or may be packaged with another program and the user may not have known that it was done. Spyware is usually an annoyance but not harmful to the computer.
Malware: A program that is designed to deceive the user into installing the software. Most of the time it is shown as anti-virus software that claims to have found an unknown number or a known number but no list of viruses or spyware and attempts to get the user to buy the software. In some rare cases this malware may have been packaged with spyware. Malware is very annoying usually and can become very difficult to remove properly.
Last but not least are the downloaders. These things will download (and re-download if needed) spyware and/or malware. Usually you know you have one if you remove said spyware and/or malware and those same ones come back within a week. Most anti-spyware, anti-virus, or anti-malware programs will not find these applications. Usually they will have to be located by hand. They can hide just about anywhere including but limited to as a non plug and play driver. (Yes. I have seen this for I had to remove one.
I'll still be sleeping the same as before reading about this
Here ya go: http://www.google.com/search?q=AppleScript.THT
There are already variants in the wild.
Keep sleeping...
I skipped to page 8 of the Google results you linked... same thing, just different people reporting that SecureMac read something somewhere
I would like a macbook, but they're too expensive. I would probably use linux everyday, but too many applications I use on a daily basis require windows. Windows grasped their user-base because they made the OS easy... too easy... and that's where Vista killed the legacy.
HAHAHAHAHAHAHAHAHAAHAHAHAHA!!!!
Talk about the most biased response I’ve ever read. Mac fan boys are smug, granted.. but you have some serious issues. Your comments were totally unwarranted. Welcome to my ignore list.
This software vulnerability needs corrected and I'm more than sure Apple knows about the issue. I'd expect a patch very soon. I also expect OS X antivirus/antimalware to be a big hit in the coming months ahead.
Like I care about you adding me to ignore...and yes I am aware you may not see this.
Everyone is entitled to their own opinions and people here have made similar comments. If you don't like what I have to say, then ignore it. This is what I do. Cannot expect everyone to agree with you. And if this is the most biased response you have ever read, then you must not post online much...haha.
I do hope apple gets off their asses and pays more attention to their software as I am SURE it is riddled with security bugs. Yea, Windows is as well but it is a fact that MS is the fastest to release patches for their OS. I don't know how many times a day I hear things about how much more secure a Mac is over a PC. I guess that is why a Mac was hacked in under 2min when they had the contest against Linux, Mac, and Windows.
But anyway, I hope I am on your ignore list because if you are so offended by my comment, I don't really want to associate with you.
Have fun with that ignore list. Eventually (hopefully) they'll make it so you can ignore news comments...
Last edited by LTD on 23 Jun 2008 - 20:23
Good. Now run it.
I could also choose to beat my Mac's screen with a hammer, or choose to dual-boot Windows.
I could choose to do all those things. No real conditions need to be met. But with your example, I'd even have to meet certain conditions to be even at risk before it will ever come down to choosing to run it.
Nothing runs or gets installed on OS X without my permission. It's always been this way. For years.
Last edited by LTD on 23 Jun 2008 - 20:49
You've always been here, you've always been welcome, but we wait for the day that you come down from Mount Sinai and your religious evangelical platform misconceptions and join with the rest of the computer using world in what we like to call "reality".
That's a great policy. In fact, every PC owner I know follows the same one which is why we don't have issues with malware. EVEN THOUGH they do exist for our platform. Funny how the same thing can be said about YOUR platform.
The difference, I think, is in the attitude of the users themselves
of course you would have no idea what is a trojan and what isnt since you have no antivirus protection
Good. Now run it.
Priceless
You've always been here, you've always been welcome, but we wait for the day that you come down from Mount Sinai and your religious evangelical platform misconceptions and join with the rest of the computer using world in what we like to call "reality".
I'll come down . . . when that day arrives.
In all seriousness, it's nice to see that you wrote I'm welcome. I feel the same about everyone else, regardless of argument/opinion.
Bro, I hate to point this out... but you just compared executing this trojan to smashing your screen with a hammer. I had no idea the trojan was that strong. Serious problem it is.
Now I wonder what hacking programs are more widely available to hack against... hm.. could it be windows? The Mac may have been easily exploited because they haven't built up a patched immunity...
You must've not read the article. The only instructions were "Go to this URL."
Should have just let it sit as is.
It's really not worth getting into, it really isn't.
This happens a couple of times every year, and this is invariably the reaction. Like, every time. Since before 2004.
Every year we get news of these new Mac trojans, nothing really arises, except for comments like "NOW, the Mac is compromised for good." Every year, it's NOW. And still nothing.
I'm pleased with OS X's track record. No viruses. It must count for something. The competition, after years and years of lousy security practices adopts what OS X and Linux have had for as long as anyone can remember, and suddenly we hear all these loud voices.
I hope you'll forgive OS X users' cavalier attitude to viruses. it's just that we haven't been infected in the wild. At all. Since 2001. And amidst all these alleged OS X trojans appearing (since before 2004), still nothing.
It might be market share, it might be UNIX/Free-BSD's intelligent design. Whichever.
When Microsoft finally gives you in 2007 what you should have had in 2001, I'd spend more time being grateful that the OS X's, Linuxes and Unixes existed to light the way.
Yes, but Vista hit the shelves in early 2007.
Oh. I didn't know to what you were referring.
In any case, Trojans are bad, irrespective of how or why they end up on a computer. This is a bug. Apple needs to fix it. Sometimes people find similar holes in Microsoft products - they also need to be fixed. *shrugs*
sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
and you're safe... no need for antitrojan or even less antivirus...
This removes SUID bits from ARDAgent, so it can't run as root...
Done...
What happens when you run "Repair Permissions"?
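A check for the question above, as an added example that is not part of the original thread: the script reports whether the set-user-ID bit that `chmod u-s` removes is present on ARDAgent, so it can be re-run after anything that may reset permissions. The function names and the `--check` argument are assumptions made for this example; the path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the setuid bit that "chmod u-s" clears.
# ARD_AGENT is the path quoted in the thread; suid_state, check_suid and
# the --check argument are hypothetical names chosen for this sketch.

ARD_AGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# suid_state PATH
# Prints one of: missing | clear | setuid | setuid-root
suid_state() {
    target="$1"
    if [ ! -e "$target" ]; then
        echo "missing"
    elif [ -u "$target" ]; then
        # test -u is true when the set-user-ID bit is set.
        # ls -lnd prints the numeric owner in field 3; uid 0 is root.
        owner=$(ls -lnd "$target" | awk '{print $3}')
        if [ "$owner" = "0" ]; then
            echo "setuid-root"
        else
            echo "setuid"
        fi
    else
        echo "clear"
    fi
}

# check_suid PATH
# Returns 0 when the bit is clear (or the file is absent), 1 when it is set,
# so the script can be used from cron or a login hook and alert on failure.
check_suid() {
    state=$(suid_state "$1")
    case "$state" in
        setuid*)
            echo "WARNING: $1 is $state; re-apply: sudo chmod u-s \"$1\"" >&2
            return 1
            ;;
        missing)
            echo "note: $1 is not present on this system" >&2
            return 0
            ;;
        *)
            echo "ok: $1 has no setuid bit" >&2
            return 0
            ;;
    esac
}

# Usage: sh check_ard.sh --check [PATH]   (PATH defaults to ARD_AGENT)
if [ "${1:-}" = "--check" ]; then
    check_suid "${2:-$ARD_AGENT}"
fi
```

A non-zero exit status means the bit is back and the `chmod u-s` step has to be repeated.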
http://www.tuaw.com/2008/06/19/ardagent-se...es-an-easy-fix/
This should help to allay some fears for now, at least until Apple cranks out a patch to fix this.
Oh, this pwncall's for you!