    Backdoor Busts the Mac Myth

    This new backdoor reminds everyone that, indeed, the myth that Mac is safe is, well, a myth.

    This malware, detected by Trend Micro as BKDR_HOVDY.A, exploits a vulnerability in a component of Apple Remote Desktop to run hidden on an affected operating system and allow a remote malicious user to escalate privileges to root. The backdoor is also capable of performing the following functions, giving remote users complete remote access to an affected system:

    • Add a hidden admin user
    • Collect user account information on the affected system and send it to a remote user
    • Open ports in the firewall and turn off system logging
    • Enable personal Web sharing and open Web sharing ports in the firewall
    • Install and execute LogKext for its keylogging routine
    • Disable update-checking for the current user
    • Take pictures with the built-in Apple iSight camera and take screenshots
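A defender's triage helper, added here as an example and not part of the original post, that checks a Mac for traces matching the capability list above: a hidden admin account (accounts with a UID below 500 are hidden from the login window), a loaded LogKext kernel extension, and Apache Web sharing started through launchd. The parsing functions take captured command output so they can be exercised offline; the account listing used for testing is constructed, and matching LogKext by the substring "logkext" in kextstat output is an assumption.

```bash
#!/bin/bash
# Added triage script (not from the original post). Parses output of standard
# Mac OS X commands for the traces described above. Sample data is constructed.

# Input: lines in the format of `dscl . -list /Users UniqueID` ("<name> <uid>").
# Output: names with UID < 500 (hidden from the login window), root excluded.
hidden_accounts() {
  awk '$2 < 500 && $1 != "root" { print $1 }'
}

# Input: output of `dscl . -read /Groups/admin GroupMembership`.
# Output: one admin-group member per line.
admin_members() {
  sed -n 's/^GroupMembership: *//p' | tr ' ' '\n'
}

# $1 = user listing, $2 = admin group record. Prints hidden accounts that are
# also admins; Apple's own service accounts are not admin-group members, so any
# hit here deserves a close look.
hidden_admins() {
  local users="$1" admins="$2" name
  for name in $(printf '%s\n' "$users" | hidden_accounts); do
    printf '%s\n' "$admins" | admin_members | grep -qx "$name" && echo "$name"
  done
  return 0
}

# Input: `kextstat` output. ASSUMPTION: the keylogger's bundle name contains
# "logkext" (case-insensitive). Prints a finding and returns 0 on a match.
logkext_loaded() {
  grep -qi 'logkext' && echo "LogKext loaded"
}

# Input: `launchctl list` output. org.apache.httpd is the Web sharing daemon.
web_sharing_running() {
  grep -q 'org.apache.httpd' && echo "Web sharing (Apache) running"
}

# Live run on a Mac; on other systems only the functions are defined.
if [ "$(uname)" = "Darwin" ]; then
  hidden_admins "$(dscl . -list /Users UniqueID)" \
                "$(dscl . -read /Groups/admin GroupMembership)"
  kextstat | logkext_loaded || echo "LogKext not loaded"
  launchctl list | web_sharing_running || echo "Web sharing not running"
fi
```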

    According to the Washington Post’s blog entry, this malware was developed by a group of hackers who named their code the AppleScript Trojan horse template. The malware writers discussed the code in a user forum on the Web site Macshadows.com, where talk of distributing the malware through peer-to-peer applications was also seen, as SecureMac reports. All content from the said user forum has since been removed.

    Upon installation, the backdoor attempts to exploit two vulnerabilities in Mac OS X so that it can install itself without the user’s consent. Interestingly, one of the two is a recently reported bug that has not yet been patched, while the other is quite old and has been patched by Apple since 2006. This suggests that malware authors count on both new and old bugs to get their malicious programs onto user systems.

    The same Washington Post report also carried comments from someone reported to be one of the authors of the backdoor. He told the Washington Post that despite Apple’s declaration of OS X’s security, Apple fails to confirm its own statement; thus users like him are left to find out for themselves whether it is true.

    Users are advised to install critical patches as soon as Apple releases them. And again, caution in downloading files is what keeps malware off systems.


    © Copyright 2011 Trend Micro Inc. All rights reserved.