New Mac OS X malware opens backdoor to computer

Intego this week released a security memo warning of a new malware variant for Mac OS X named “OSX/HellRTS.D”. Once installed on a computer, the software opens a backdoor that gives a remote operator control of the machine and the ability to load further malicious code onto it.

HellRTS.D is based on an earlier version for Mac OS X that was discovered in 2004. Written in RealBasic and shipped as a universal binary, the malware can run on both PowerPC and Intel-based Macs if installed. Once installed, it performs a number of tasks and leaves the computer open to various damaging actions:

"It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more."

The good news for Mac users, though, is that Intego rates the risk of infection as “Low” and that no Macs have been found to be infected in the wild. Installation requires physical access to the computer, and the malware is only being distributed among some forums. Intego’s VirusBarrier X6 can identify and remove the malware if it is found on the computer.
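The persistence trick the memo describes (one binary copied under several application names, each copy registered as a login item so it survives a reboot and is hard to spot in Activity Monitor) is something a defender can check for directly. The script below is an added example and is not Intego's, Neowin's, or the malware's code. It assumes each login item has been collected as a record of name, path and SHA-256 of the file, uses a constructed application inventory and made-up digests so it runs offline, and flags any item whose binary is shared under several names, that runs from a user-writable location, or that borrows the name of an installed application bundle while living somewhere else. On a real Mac the names and paths would come from System Events via `osascript` and the digests from hashing the files on disk.

```python
# Added example (not from the article or Intego): a heuristic check of macOS
# login items for the persistence pattern described above, in which one
# binary is copied under several application names and each copy is
# registered as a login item. On a real Mac the item list would be collected
# with `osascript` from System Events and each file hashed on disk; here a
# constructed list stands in so the check runs offline.
from collections import defaultdict

# Locations where a legitimately installed login item is expected to live.
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/Library/")

# Constructed inventory of application bundles on the machine. A collector
# would build this from /Applications; the entries here are assumptions.
KNOWN_APP_BUNDLES = {
    "Safari": "/Applications/Safari.app",
    "Mail": "/Applications/Mail.app",
    "iTunes": "/Applications/iTunes.app",
}

# Constructed login-item records; the sha256 values are made-up placeholders.
# Two items share one digest under different names, mimicking the behaviour
# the memo describes; the other two are ordinary, legitimate login items.
SAMPLE_LOGIN_ITEMS = [
    {"name": "iTunesHelper",
     "path": "/Applications/iTunes.app/Contents/MacOS/iTunesHelper",
     "sha256": "1111"},
    {"name": "Safari",
     "path": "/Users/alice/Library/Application Support/.cache/Safari",
     "sha256": "2222"},
    {"name": "Mail",
     "path": "/Users/alice/Library/Application Support/.cache/Mail",
     "sha256": "2222"},
    {"name": "Dropbox",
     "path": "/Applications/Dropbox.app/Contents/MacOS/Dropbox",
     "sha256": "3333"},
]


def group_by_hash(items):
    """Map each file digest to the login items that share it."""
    groups = defaultdict(list)
    for item in items:
        groups[item["sha256"]].append(item)
    return groups


def reasons_for(item, by_hash):
    """Return the heuristic reasons an item looks suspicious (empty if clean)."""
    reasons = []
    # 1. The same binary registered as several differently named login items.
    names_sharing_binary = {other["name"] for other in by_hash[item["sha256"]]}
    if len(names_sharing_binary) > 1:
        reasons.append("same binary registered under %d different names"
                       % len(names_sharing_binary))
    # 2. The item runs from outside the usual application/system locations.
    if not item["path"].startswith(TRUSTED_PREFIXES):
        reasons.append("runs from a user-writable location")
    # 3. The item name matches an installed bundle but the path is elsewhere.
    bundle = KNOWN_APP_BUNDLES.get(item["name"])
    if bundle is not None and not item["path"].startswith(bundle + "/"):
        reasons.append("name borrows the '%s' bundle name but path is elsewhere"
                       % item["name"])
    return reasons


def find_suspicious_login_items(items):
    """Return [(name, path, [reasons])] for every item with at least one reason."""
    by_hash = group_by_hash(items)
    findings = []
    for item in items:
        reasons = reasons_for(item, by_hash)
        if reasons:
            findings.append((item["name"], item["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in find_suspicious_login_items(SAMPLE_LOGIN_ITEMS):
        print("%-14s %s" % (name, path))
        for reason in reasons:
            print("    - " + reason)
```

Run against the constructed list, the two fake "Safari" and "Mail" entries are reported with all three reasons while iTunesHelper and Dropbox pass. The hash grouping is the most robust of the three checks, because renaming a file does not change its digest; the path and name checks are cheap corroboration, and any one of them alone would produce false positives on legitimately relocated helpers.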

Image credit Intego.


67 Comments


Ad Man Gamer said,
LOL. All the stubborn fan boys who have no anti-virus, thinking their Mac is immune, are SOOO gonna get this ****.
Good!! More $$$ for me cleaning them.

Edited by war, Apr 20 2010, 11:52pm :

mrmomoman said,
Ahh the debate rages on MAC VS PC.

Funny how people never stop debating this. It's like politics or religion.

Yea, it seems that both PC users and Mac users are very defensive. They will turn any article they can into a Mac vs PC debate, even when the article has nothing to do with that. Heaven forbid we actually have an intelligent debate with the issue at hand.

Senlis said,

Yea, it seems that both PC users and Mac users are very defensive. They will turn any article they can into a Mac vs PC debate, even when the article has nothing to do with that. Heaven forbid we actually have an intelligent debate with the issue at hand.

I think that Mac users tend to be defensive and PC users (as of late) are increasingly offensive. Look at any piece of MS news and you rarely see someone post the "M$" cliche. If they do, they are sharply criticized. All Apple news consists of comments from people who hate Apple for whatever reason trolling. They want to stereotype all Apple users as fan boy sheep because they purchased a computer that cost about $100 more and didn't come with bull**** OEM crapware apps installed.

How come intego found this malware but no users infected?
Do they have an agreement with hackers or they just want to sell antivirus?

CoolBits said,
How come intego found this malware but no users infected?
Do they have an agreement with hackers or they just want to sell antivirus?

I have long been of the belief that many if not most forms of malware are actually written by the antivirus vendors. This seems to be especially true of Intego, who releases a press release about once a year informing the world of some new OS X malware that they have magically found, although it is not in the wild, and probably never will be.

roadwarrior said,

I have long been of the belief that many if not most forms of malware are actually written by the antivirus vendors. This seems to be especially true of Intego, who releases a press release about once a year informing the world of some new OS X malware that they have magically found, although it is not in the wild, and probably never will be.


Then some Windows fans see stories like this, read only what they want to hear and then they spit all over OS X, on various forums, that it has viruses too LOL
Though this is a bad commercial in my point of view...

tcsdoc said,
Is this an article designed to inform Mac users or a commercial for Intego?
Latter of course. How else does neowin stay in business?

Gladiatorus said,
Mac OS X: The most secure operating system of the world. HA!

I can count the number of instances of malware for OS X on my hands. How many thousands of people's hands would you need to count all of the variety of malware for Windows?

roadwarrior said,

I can count the number of instances of malware for OS X on my hands. How many thousands of people's hands would you need to count all of the variety of malware for Windows?
Then you don't have a clue. Perhaps you should do some research. You can't count them, seeing as the number is unknown.

Yuck... I hope I'm not running anti-virus on my Mac anytime soon. Just be careful what you open and run, just like Windows. And just like Windows, if it is fresh off the Internet then the OS prompts you with an "are you sure you want to do this?". And just like Windows, people will click through and get infected. It just sucks to see this stuff start to pop up for Mac. It was inevitable...

Shadrack said,
Yuck... I hope I'm not running anti-virus on my Mac anytime soon. Just be careful what you open and run, just like Windows. And just like Windows, if it is fresh off the Internet then the OS prompts you with an "are you sure you want to do this?". And just like Windows, people will click through and get infected. It just sucks to see this stuff start to pop up for Mac. It was inevitable...

Obviously. People make out Macs to be so secure. Yes, they are secure from being infected from just sitting there and from remote attacks but they aren't protected against a dumb user. The machine will allow the user to install whatever they want, including malware which they were tricked into thinking is something good (a trojan)

MarenLBC said,

Apple makes the best PCs on the market.


Great machines (save a few hiccups), but you are definitely paying a bit of Apple tax. I say this as I contemplate buying a 13" MBP that as of now is second on my list.

Then again they aren't perfect like many make them out to be.

Mike415 said,

Great machines (save a few hiccups), but you are definitely paying a bit of Apple tax. I say this as I contemplate buying a 13" MBP that as of now is second on my list.

Then again they aren't perfect like many make them out to be.

There is no Windows Based Slate, Laptop, or Desktop that matches the style and quality of any of Apple's offerings. When you add in OS X and the impeccable service you receive from Apple the extra money you spend is well worth it.

MarenLBC said,

Apple makes the best PCs on the market.

The ironic thing is that Mac implies that they are not Personal Computers, and according to this article, that is certainly a fact.

MarenLBC said,

There is no Windows Based Slate, Laptop, or Desktop that matches the style and quality of any of Apple's offerings. When you add in OS X and the impeccable service you receive from Apple the extra money you spend is well worth it.


Well I don't like OS X and if I got the MBP I'd take OS X off completely, if possible, and run Windows 7 solo.

Apple's service is okay, if you are under warranty. Otherwise you are paying way too much to get it serviced. My GF was supposed to pay $800 for repairs for her white MB (Keyboard, HDD crash (The one that ended up being Apple's fault), and I think something else) but luckily she got AppleCare

warwagon said,
So by "Installation requires physical access to the computer" you mean idiot behind the keyboard?

Same idiot types behind PCs....you have your idiots, and those of us who know what we are doing.

dogmai said,

Yep, that's why everyone has a Mac and not a PC... lol

Windows Based PCs are cheaper which is the only reason why.

satukoro said,
The ironic thing is that Mac implies that they are not Personal Computers, and according to this article, that is certainly a fact.

Wrong. What does it say at the top of this page?
http://www.apple.com/getamac/

"Why your next PC should be a Mac."

Edited by MarenLBC, Apr 20 2010, 6:31am :

MarenLBC said,

Wrong. What does it say at the top of this page?
http://www.apple.com/getamac/

"Why your next PC should be a Mac."

If you want to get technical, a Mac is a computer for personal/work use just like a PC...hence a Mac is a Personal Computer. Comparing Macs and PCs is inaccurate...they should be comparing Windows to Macs/OSX.

techbeck said,

If you want to get technical, a Mac is a computer for personal/work use just like a PC...hence a Mac is a Personal Computer. Comparing Macs and PCs is inaccurate...they should be comparing Windows to Macs/OSX.

I'm not getting technical I'm just speaking the truth. A Mac is a PC and even Apple agrees with this statement which is evident by the site listed.

MarenLBC said,

I'm not getting technical I'm just speaking the truth. A Mac is a PC and even Apple agrees with this statement which is evident by the site listed.

haha, I am an idiot...my apologies, I misread. One of those days...

MarenLBC said,

There is no Windows Based Slate, Laptop, or Desktop that matches the style and quality of any of Apple's offerings. When you add in OS X and the impeccable service you receive from Apple the extra money you spend is well worth it.

Ok, let's see. I can buy HP, Sony, Dell laptops that are as stylish as Apple's, less expensive and have all the expected modern stuff like Blu-ray, HDMI, 5-in-1 media card reader, removable battery and no burn marks on your legs when you use them for long. As for customer support, I had a Sony VAIO into which milk dripped and had ants and stopped working, and Sony sent a guy TO MY HOME and he replaced the motherboard with a new one, for free.... That beats hands down going to an Apple store and having a 'genius' charge you an incredible amount of money for the same thing and take several days to repair.

Charles Keledjian said,

Ok, let's see. I can buy HP, Sony, Dell laptops that are as stylish as Apple's, less expensive.

I bet you cannot find a unibody aluminum laptop with isolated keys that are backlit, magnetic charging cable, and a slot-loading DVD drive from any of the above manufacturers.

Edited by MarenLBC, Apr 20 2010, 3:33pm :

MarenLBC said,

I bet you cannot find a unibody aluminum laptop with isolated keys that are backlit, magnetic charging cable, and a slot-loading DVD drive from any of the above manufacturers.

Um, who cares!

MarenLBC said,

I bet you cannot find a unibody aluminum laptop with isolated keys that are backlit, magnetic charging cable, and a slot-loading DVD drive from any of the above manufacturers.

Unibody that gets hot because it is basically a heat diffusion case and hurts your legs, and you cannot replace your battery? No thanks. There are fine aluminum options that do not produce heat and have a removable battery. Slot-loading DVD? No thanks, many software drivers come on small DVDs that you could not load in these slots. Magnetic charging cable? If that will make my laptop $600 more expensive I pass. And isolated backlit keys, we have those, thanks.

njn007 said,
Was almost worried...but then I remembered I am a Mac user!

No viruses!

Common sense = no viruses!!!

It has to be very popular in order for that to become a problem. Hardly anyone uses Macs. My sister has one and she runs Windows on it.

Foub said,

It has to be very popular in order for that to become a problem. Hardly anyone uses Macs. My sister has one and she runs Windows on it.

I run Mac OS X on both my Dells and the quad-core I built myself. That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work. You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix. For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.

Edited by crazyfish, Apr 20 2010, 2:06am :

crazyfish said,

I run Mac OS X on both my Dells and the quad-core I built myself. That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work. You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix. For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.

When you compare the popularity of Windows to Mac OS X it isn't even a competition, therefore your point, or lack thereof, is void. 90% of all computers in the world today run some iteration of the Windows Operating System, therefore a majority of the threats will be released for it. Mac OS X, Linux, and other UNIX-like OS' are solid Operating Systems but they have yet to be tested on the level that Windows has, so your analysis is not grounded in reality.

crazyfish said,

I run Mac OS X on both my Dells and the quad-core I built myself. That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work. You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix. For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.


Yeah because you know so much more than this guy:

http://www.neowin.net/news/hac...apple-fans-quotignorantquot

Edited by Tim Dawg, Apr 20 2010, 3:06am :

crazyfish said,

I run Mac OS X on both my Dells and the quad-core I built myself. That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work. You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix. For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.

In this, you're essentially saying that OS X is one step up from Linux solely due to the amount of users, and that if Windows users want to understand how a Mac works, we should learn UNIX commands, which are rather similar to standard DOS commands (I've also found them to be similar to C++, but I won't get into that). Any Windows user with a clue as to how Windows works (programs that rely on resources which are in various folders around the hard drive) has a general idea of how most operating systems work. They are generally composed of a program that relies on resources in its system directory to run more programs. Windows and the many variations of UNIX (including OS X) are extremely similar; it is only small details that separate them, the big picture is the same.

crazyfish said,
... That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work.

That isn't true at all. The reason is that not enough people use OS X. The majority of virus/worm/malware coders out there are only out to get fame/recognition or money. Sure, if they make one for Macs they will get talked about on nerd forums and maybe there is a slight chance they will get a few minutes on the news, but not likely. Now, if they make something that will infect most Windows machines then they will be all over the media and everyone will be talking about what they made. All you would get with a Mac worm is anti-Apple people rubbing it in the face of Apple fanboys.
crazyfish said,
You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix.

Not correct. OS X is based off of the Mach kernel with the FreeBSD world (not kernel) and neither one of them is UNIX. Sure, FreeBSD at one time was based on Unix but after AT&T that all was rewritten and changed. You can have a great operating system like FreeBSD but when you start poking holes in it to make it "just work" you turn it into a POS. One of the reasons why Linux/BSD/Unix are as secure as they are is due to the code being freely available to anyone to look over, and then they find security holes and patch them. I know Apple released part of the code under Darwin but that still isn't OS X, so it still leaves holes that just have tape over them waiting for someone to start poking around with a stick.
crazyfish said,
For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.

Macs don't account for a larger base than Linux installs in the slightest. Linux is installed on many, many, many servers around the world. There is a reason for people to find an exploit in Linux that no one has found before, so that they can gain access to servers for either financial, publicity, or just revenge.

Not correct. OS X is based off of the Mach kernel with the FreeBSD world (not kernel) and neither one of them is UNIX.

The OpenGroup is the controlling body for the UNIX specification and handles deciding what is and isn't UNIX through their certification process.
Mac OS X is UNIX (http://www.opengroup.org/comm/press/19-2-nov07.htm),
paid up and certified just like HP/UX and Tru64. This is Apple's second 'real honest to goodness UNIX'; the first was A/UX in the 80s.

evn. said,

The OpenGroup is the controlling body for the UNIX specification and handles deciding what is and isn't UNIX through their certification process.
Mac OS X is UNIX (http://www.opengroup.org/comm/press/19-2-nov07.htm),
paid up and certified just like HP/UX and Tru64. This is Apple's second 'real honest to goodness UNIX'; the first was A/UX in the 80s.

Yes and no. OpenGroup only owns the trademark of the name UNIX, and they set a standard for specifications if you want to be a certified Unix system and carry the trademarked name. It isn't the same as a UNIX OS, just a certified UNIX OS that meets specifications. OpenGroup doesn't own UNIX (i.e. the actual OS that exists), just the trademark.
To use your example, HP/UX isn't just certified but is based off of the copyrighted code UNIX System V (which the OpenGroup doesn't own), and OS X isn't.

crazyfish said,

I run Mac OS X on both my Dells and the quad-core I built myself. That whole popularity thing is just the age-old excuse PC users use because they don't know anything about how Macs work. You know, like understanding Unix commands, what a kernel extension is, or that Macs are based on Unix. For example, there are plenty of Linux viruses/exploits out there and Macs definitely account for a larger user base than Linux. It doesn't really matter anyway. It's good that we have Windows, Macs and Linux available to us. Only the truly best of us run all 3.

No, you're not better than anyone else for running all 3. It just means you run all 3. Though since many Linux distros are so different they count as different OSes, you fail.

Anyway, your popularity comment is way off the mark.

Windows wins the consumer user popularity hands down; that's why it's so targeted. Mac and Linux are both insignificant targets here.

However, your claim that the fact *nix is targeted disproves the popularity "myth" is quite off base, as you're ignoring another more attractive attack vector where *nix is the market leader: web servers and SMB servers. Here Linux has high market share, and it's a much more lucrative target for hackers as the "loot" is potentially worth a lot more.

stokhli said,

Yes and no. OpenGroup only owns the trademark of the name UNIX, and they set a standard for specifications if you want to be a certified Unix system and carry the trademarked name. It isn't the same as a UNIX OS, just a certified UNIX OS that meets specifications. OpenGroup doesn't own UNIX (i.e. the actual OS that exists), just the trademark.
To use your example, HP/UX isn't just certified but is based off of the copyrighted code UNIX System V (which the OpenGroup doesn't own), and OS X isn't.

To put it blatantly, as there is no other way, you are wrong.
BSD (as 1BSD) was branched directly from the UNIX Time-Sharing System; this through evolution eventually became FreeBSD.

However along the way, as 3BSD was branched off of 2BSD, SunOS came along as 3BSD became 4BSD, which eventually spawned SunOS. Oh, and let's not forget that Mach was spawned off of... the 4.2BSD release, which then spawned into NeXTSTEP, followed by OpenStep, Rhapsody and finally... OS X.

So, long story short, both parts (kernel & userland) of OS X were once part of the UNIX Time-Sharing OS.

Next time do some research.

Reference: http://www.levenez.com/unix/

Yvo said,

To put it blatantly, as there is no other way, you are wrong.
BSD (as 1BSD) was branched directly from the UNIX Time-Sharing System; this through evolution eventually became FreeBSD.

However along the way, as 3BSD was branched off of 2BSD, SunOS came along as 3BSD became 4BSD, which eventually spawned SunOS. Oh, and let's not forget that Mach was spawned off of... the 4.2BSD release, which then spawned into NeXTSTEP, followed by OpenStep, Rhapsody and finally... OS X.

So, long story short, both parts (kernel & userland) of OS X were once part of the UNIX Time-Sharing OS.

Next time do some research.

Reference: http://www.levenez.com/unix/


The Computer Systems Research Group of the University of California in Berkeley had an AT&T UNIX license and had their own version called Berkeley Service Distribution. In 1990 when the funding ran out, some of the members released the code without the AT&T UNIX code (which required a license to run, since UNIX is not free). From that, people finished the rest of the code base to get to the different BSDs that we know today. BSDs are UNIX derivatives but they are not UNIX. AT&T even went after the company that sold BSD/386 because they had UNIX code in it and didn't pay for the license.
OS X can use the UNIX trademark because the OpenGroup set some standards and says people who follow them can be certified UNIX, but it still doesn't make it UNIX.
That site you listed is a joke; go to FreeBSD's own site and they say in there that they aren't UNIX.

So you mean this is just like any other current Windows malware? This is how they all work: they have the user install the trojan by tricking them into thinking it is something they want. That is why they are called trojans!
Way to downplay it.

"Installation requires physical access to the computer"

So, like any other malware that doesn't get anywhere (Windows or OS X). Woo?

Xcursion said,
Macs: They just work!
Let's see... requires physical access to a computer, hasn't been found in the wild yet, and can be removed by this software already.

Yup, seems to work pretty well, you're right.

Simon said,
Let's see... requires physical access to a computer, hasn't been found in the wild yet, and can be removed by this software already.

Yup, seems to work pretty well, you're right.


Agobot.
Need say no more.

Simon said,
Let's see... requires physical access to a computer, hasn't been found in the wild yet, and can be removed by this software already.

Yup, seems to work pretty well, you're right.


That is actually incorrect.
If someone passes you this virus and you install it, you are infected.
You don't need "physical access" unless by that you mean you yourself, the user in front of the computer, installs it, which then makes it like all Windows viruses as well.

alfaaqua said,

That is actually incorrect.
If someone passes you this virus and you install it, you are infected.
You don't need "physical access" unless by that you mean you yourself, the user in front of the computer, installs it, which then makes it like all Windows viruses as well.

That is actually incorrect.

Not like all Windows viruses at all. Sasser, Blaster, the .ANI flaw merely require the machine to be turned on or visiting an infected site. No user interaction is required in terms of installing anything.

Simon said,
Let's see... requires physical access to a computer, hasn't been found in the wild yet, and can be removed by this software already.

Yup, seems to work pretty well, you're right.

Yea, VirusBarrier detects it... but only for those (the few) who actually installed protection. There are many people that believe Macs are untouchable. Luckily for everyone I know who has a Mac... they are protected.

Oh, and I am not sure if there are any free versions of AV for Macs... but if not, I would be interested in Mac AV sales.

ccuk said,

That is actually incorrect.

Not like all Windows viruses at all. Sasser, Blaster, the .ANI flaw merely require the machine to be turned on or visiting an infected site. No user interaction is required in terms of installing anything.


Which version of Windows are you referring to? With UAC and a non-administrative account, nothing installs on my Windows 7 machine without going through a few prompts.

helios01 said,

Which version of Windows are you referring to? With UAC and a non-administrative account, nothing installs on my Windows 7 machine without going through a few prompts.

He means a pirated Windows XP RTM with no updates or service packs, very relevant to our days.

Simon said,
Let's see... requires physical access to a computer, hasn't been found in the wild yet, and can be removed by this software already.

Yup, seems to work pretty well, you're right.

You do know that almost all Windows malware today requires the same if not more steps than this? The user pretty much always has to actually choose to install it and is usually tricked into it through social engineering via IMs, Facebook or e-mails created by the very same malware on other infected computers.

ccuk said,

That is actually incorrect.

Not like all Windows viruses at all. Sasser, Blaster, the .ANI flaw merely require the machine to be turned on or visiting an infected site. No user interaction is required in terms of installing anything.

There have been very few viruses in history that have spread that way. Most spread by tricking the user into installing something. Blaster, for example, took advantage of a flaw in Windows, a flaw which was patched weeks before the virus came out (so if you used the built-in firewall and/or automatic updates it was a non-issue). No virus has ever spread on Apple computers this way, but that isn't to say none could. Apple has patched more than a few flaws that could have led to remote code execution.

What the Windows vs. Mac people rarely realize is that the principles between the two systems are the same. In order to infect a computer, code must be run. That typically happens in one of three ways: the user is tricked into running bad code (email attachment, downloaded program and so on), a trusted application has a flaw that allows code to be run in a way not designed (for example, a web browser or RealPlayer), or a flaw in a system service allows code to be sent over the network (as I said, these are rare). There is no magic behind the Mac that makes these any more or less true than on another platform.

Xcursion said,
Macs: They just work!

Newowin said,
The good news for Mac users, though, is that Intego rates the risk of infection as “Low” and that no Macs have been found to be infected in the wild. Installation requires physical access to the computer, and the malware is only being distributed among some forums. Intego’s VirusBarrier X6 can identify and remove the malware if it is found on the computer.

Please read the whole news before commenting anything.

Edited by MAVEЯiCK ☭, Apr 20 2010, 10:54pm :