Tom's Macs Blog

By Tom Nelson, About.com Guide to Macs

Trojan AppleScript Spotted in the Wild

Friday June 20, 2008

Two security firms, SecureMac and Intego, have separately issued security warnings for OS X Tiger and OS X Leopard. Both operating systems can be affected by a Trojan AppleScript delivered via LimeWire and iChat. Because the script is a Trojan, you would have to be induced to download and run the script; it could not be downloaded without your knowledge.

According to SecureMac, the Trojan takes advantage of a recently discovered flaw in Apple’s Remote Desktop Agent. Once the Trojan is installed, it copies itself to the /Library/Cache folder, and installs itself as a startup item. The Trojan has the potential to perform any task that Remote Desktop Agent allows, including transferring files, remotely controlling your Mac, and taking pictures with a built-in iSight camera, if you have one. It can also run a keylogger to capture identity information.

The Trojan AppleScript is being distributed with the names ASthtv05 (with a file size of 60 KB) and AStht_v06 (with a file size of 3.2 MB). As always, you should never download or run unsolicited applications offered to you on the Internet.

SecureMac and Intego both offer updated anti-spyware applications that you can use to search for and remove any threats to your Mac.

Let us know here at Focus on Macs if you run across this AppleScript!

Comments

June 20, 2008 at 10:54 am
(1) Sarah B. says:

I haven’t personally run across this Trojan yet, but then again, I don’t download anything that wasn’t my idea. :)

Sarah B.

June 20, 2008 at 1:55 pm
(2) Dave says:

I have yet to run across this script either. I have however run across a product called Intego Virus Barrier that causes all kinds of problems with Time Machine and Time Capsule.

June 20, 2008 at 3:57 pm
(3) Bill Ericson says:

Hey, Dave - that’s good to know. I use Time Machine, and was looking at some of the Intego products earlier. Never heard of the company before.

What do you use for antivirus software? Norton Antivirus seems to be pretty popular, although I think it’s overrated.

~Bill

June 20, 2008 at 4:27 pm
(4) Lisa Singer says:

Am I ignorant to think that Macs were not susceptible to any viruses or is this something brand new?
Please advise: MsLiza518@aol.com

June 20, 2008 at 6:10 pm
(5) Carroll H says:

Lisa - Macs are susceptible, but it is highly unlikely. You are more likely to get a Word virus than an OSX virus. But as Sarah says, “I don’t download anything that wasn’t my idea.” Safe and you’ll never have a problem.

June 21, 2008 at 2:15 pm
(6) Geri says:

Compared to Windows, the Mac OS is a fortress - but nothing is totally foolproof. It’s not just that fewer hackers target Macs, because the Mac is a smaller platform (marketwise), but because Windows has more holes than Swiss cheese. Not trying to start a platform war here; Windows is just a mess when it comes to security.

Of course, the operating system isn’t always to blame. No matter how many times you tell people not to download and run applications they got from people they don’t know, they’ll do it anyway.

So, yes, the Mac is susceptible to viruses, trojans, etc., but mostly all it takes to avoid them is a little common sense.

June 21, 2008 at 10:27 pm
(7) Puck says:

Is there an anti-virus out there for OS10.3.9?

June 22, 2008 at 11:38 am
(8) Eric Johnson says:

McAfee Virex 7.7 runs on 10.2.6 or later.

Norton Antivirus requires 10.4 or later.

If you never download and run files from people you don’t know, and only download software (games, etc.) from well-known sites and companies, you probably don’t even need anti-virus software, particularly if you’re running OS X. Most of the Mac viruses target older versions of the Mac OS.

June 22, 2008 at 5:55 pm
(9) brian thomas says:

I have used ClamXav for years; they ask for a donation, well worth it.

June 22, 2008 at 7:09 pm
(10) Jackie says:

Another validation of the Mac OS. Don’t be careless and you don’t have to worry.

June 23, 2008 at 4:04 pm
(11) Dave says:

@ Bill -
I don’t run or recommend any virus protection for OS X. As several of the above posters have mentioned, there’s nothing out there. As much as security companies would like us to believe otherwise, there’s absolutely no reason to spend money on this at this point. Not trying to cherry pick, but the details of the article themselves are contradictory.
For example, the article states:
“According to SecureMac, the Trojan takes advantage of a recently discovered flaw in Apple’s Remote Desktop Agent.”
After previously stating:
“Because the script is a Trojan, you would have to be induced to download and run the script; it could not be downloaded without your knowledge.”

Which is it? Is it an exploitable flaw or social engineering?

Jackie hit it out of the park with the “Don’t be careless” comment!

June 24, 2008 at 2:30 am
(12) Arjun says:

I would suggest, use McAfee’s SiteAdvisor before you browse. It would warn you about the website regarding spam or viruses. I felt this app is very useful for people who search on the net a lot.

June 24, 2008 at 8:15 am
(13) Brian Wells says:

The comments have veered off into a discussion of anti-virus software, but what SecureMac and Intego are recommending in this case is anti-spyware software. Spyware is insidious; you may have to download a Trojan in order for it to invade your computer, but that’s not always the case with spyware.

And let’s face it — many people aren’t careful, no matter how many times you warn ‘em.

June 25, 2008 at 3:57 pm
(14) chris n says:

New to Mac, are they just trying to get me to buy stuff... like Microsoft does?

July 8, 2008 at 2:59 pm
(15) HaskRisioke says:

tests time machine

©2009 About.com, a part of The New York Times Company.

All rights reserved.