Even though the Mac is touted as very secure – as the installed base of Macs increases, it will increasingly become a target for viruses. Here is yet another example of the early trend. Note also that this exploit is not found “in the wild” yet.
Trojans exploit Mac OS X ARDAgent flaw.
Building on the Trojan released last week, a group of hackers appear to be targeting the
Mac OS X platform with more variations. Last Thursday, Mac antivirus vendors Intego
and SecureMac reported a serious vulnerability within the Apple Remote Desktop Agent
(ARDAgent). It is part of the remote-management component of Mac OS X 10.4 and
10.5, and is owned by root. Thus, the ARDAgent executable runs this malicious code as
root without requiring a password. The Washington Post on Monday reported the
presence of a hacker forum devoted to the development of Trojans around this
vulnerability. The particular user forum at MacShadows.com has since been removed.
The Post was nonetheless able to obtain screenshots from the forum before it was
erased, and also a copy of the Mac Trojan template. Buried within the template was an
e-mail from one of the Trojan’s authors, “Andrew.” Despite their existence, there is no
evidence these Trojans are circulating widely on the Internet.
Source: http://news.cnet.com/8301-10789_3-9976122-57.html
