AppleScript.THT: new virus for MAC OS X
Security researchers reported last week that they’ve spotted a Mac Trojan horse in the wild that could compromise machines running Apple Inc.’s Mac OS X 10.4 or 10.5. SecureMac, a Mac-specific anti-virus vendor, posted an alert last Thursday that its researchers had found a Trojan horse, dubbed “AppleScript.THT,” being distributed from a hacker-operated site where discussions of spreading the malware via iChat, Apple’s instant messaging and video chat software, were also taking place. The company classified the threat posed by the Trojan as “critical.”
The malware exploits a recently publicized vulnerability in the Apple Remote Desktop Agent (ARDAgent), part of Tiger’s and Leopard’s Remote Management component. Composed as a compiled AppleScript or, in another variant, as a script bundled into an application, the Trojan leverages the ARDAgent bug to gain full control of the victimized Mac.
“[It] allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging,” claimed SecureMac. “Additionally, the Trojan can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing.”
SecureMac’s warning came one day after an anonymous reader disclosed a few details of the ARDAgent vulnerability on Slashdot.org, and on the same day that rival security vendor Intego provided more information about the bug. Malicious AppleScript, said Intego, can call ARDAgent, which then gives that script full “root” access to the system.
Like any Trojan horse, AppleScript.THT does not spread on its own but relies on user interaction, such as downloading and launching, to infect a machine. Trojans can also be silently introduced on a computer if they’re injected after a successful attack using another vulnerability, such as a browser bug.
Source: Computer World

Comments(71)
great to see mac get a virus ill tell mum first
The more popular these OS’s get… the more “attention” they get offered!
Get a Virus. Get a Mac.
Someone told me before many times that the MAC is hack and crash proof….. I am happily typing this on a well maintained XP system.
lies all lies–and everyone knows it. Just watch the commercials sometimes, jeez!!
hah!
Just go to alt.2600 and ask the hackers if there are any virus or trojans for the mac os and see what they tell you. At last count there are over 400,000 that are exclusive to the mac os. Windows has ten times that, but then again windows also own 90% of the market share for home computers.
Windows 90%
Mac 07%
others 03%
@2 Soldier is right, the more popular these get, the more virus that will be written for them and the faster these mac snobs will be taken down off their high horses.
Macs are only good for email and itunes, that’s it
Turn on Remote management in the System ‘Sharing’ Preferences to close the hole (for some reason)
they can take pictures with the build in webcam…lol
mac users better stop picking their noses or worse
in front of their MAChines.
I’ve always been a windows user, and no matter what kind of trash mac throws out there so will the majority of computer users.
whatever first serious exploit since os x launched in 2001..
im thinking thats pretty good, though that prolly can be attributed to under 10% market share……
either way try actually using a new mac and you might be presently surprised, i used to hate macs then i tried os x and liked it a lot.
4 years later still using mac now with the option of dualboot windows for the odd game still coming out for windows.
Linux pwns MAC OS X big time.
lol @ 5
And because the install base of Antivirus on OSX is pretty much non existing and the users ignorance towards virus on Mac any self spreading virus will be a disaster.
Any windows user knows that it requires at least some extra component to the system to make it some what “secure” a Mac user just think it requires a Mac.
OMG, you’re all ill-informed. Firstly, it’s not a virus (self-propagating in its very nature), it’s a trojan.
Secondly, when YOU the user have to actually download said file/script, OPEN it, and THEN type in your administrator password, it kinda takes the gloss off, hey!
But nah, keep on bagging what you don’t understand. Go scan for some more viruses please. Come back when you’re educated.
@4/”Someone told me before many times that the MAC is hack and crash proof….. I am happily typing this on a well maintained XP system.”
Grr, anti-mac-fanboy-fanboyism is as annoying as regular mac-fanboyism..
No one (who wasn’t acting in an advert, or who has half a brain) ever claimed OS X is “hack and crash proof”, it just does it less, handles crashes more consistently, has a very good software community (compared to the crapware-infected Windows shareware land), and most importantly, is more secure by default (a clean install of OS X has no listening sockets, and the user is prompted for their password when changing system settings, unlike pre-Vista Windows OS’)
“I am happily typing this on a well maintained XP system” – and I’m happily typing this on a well maintained OS X system – any OS can easily be made more-than-secure-enough, OS X just ships “more secure” than Windows traditionally did.. The smaller marketshare also helps..
As for fixing this, other than “don’t run anything sent randomly by people on your contact list”, open up Terminal (Applications > Utilities), and run the following..
sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
That stops the ARDAgent from being able to do stuff as root – if you don’t use Apple Remote Desktop, it will break nothing (other than this “virus”)
Har har de har
Think of the amount of jumped up mac users that don’t even use any A.V cause they think their macs are bomb proof.
Serves em right and i hope they’re all up sheet creek n not a one of em has a paddle
The odd game still coming out for Windows?, try 90% of all new games more like
Anyway, this is actually good news in some ways, knock the Mac fanboys off their high and mighty pedestals. I’ve said for years any operating system is only as secure as the idiot using it. OSX and Vista now have similar security but if a Windows user is stupid enough to click allow when the UAC warning pops up he or she is just as likely to be as stupid on a Mac.
Apple release many, many security updates all the time just as Microsoft do, both operating systems are just as vulnerable to stupidity and the determined malware writer.
And don’t think Linux is immune, it was only a couple of months ago there were reports of malicious code infecting Apache webservers running on Linux without the system administrators even being aware of it. Luckily for them the malicious code was designed to attack Windows users who visited an infected website but it could have been far worse if it had been designed to attack the host linux webservers themselves.
this must be the worst operating system!! it has a trojan!!!!! omg!!! rabble rabble rabble
400,000 that are exclusive to the mac os??
That proves you know nothing about this at all.
Can’t believe so much stupid MAC bashers here. This article state the virus is for “machines running Apple Inc.’s Mac OS X 10.4 or 10.5.” The current update to OSX is 10.5.3. So no big deal. There will always be someone creating virus for all systems and they will always cure it and so we are all winners as we get better and better systems. Live and Let Live kids!
ha! 16 doesn’t have kids…sure we all know what needs to be done to infect the mac but when kids are a around which is all the time…anything is possible
@19
Actually most games either come out only on consoles or on consoles first so i only get it on pc if i didn’t get it on xbox360 already.
@17 You’re right, you do have to authorize every program the first time it runs so its inherently more secure than windows.
man.. i saw this new 2 days ago…
So everyone is talking about which OS is best and no one asks how can a person KNOWS if he HAS the TROJAN on its mac!!
welcome to the family bittcheeeeees
We need more viruses for MAC!
A worm virus will be just perfect! :devil:
LOL.. i’ve been saying for years that MAC is no different from PC.
But somehow someway Apple has convinced Millions nearly Billions of people otherwise.
@ 24- since when do you let your kids know your admin password?
@29, you’re an idiot. When a trojan needs you to download it, open it, AND enter in your admin password, it’s not a great feat at all- this is a “vulnerability” that affects ALL platforms, because it is a USER-based action.
When the trojan downloads itself without me knowing, runs itself without me knowing, and gets my password without me inputting it, or gains root privileges with no action on my part, THEN I will be concerned.
Until then, nothing to see here.
i love how defensive macusers get. at the end of the day it’s an operating system like windows is, full stop.
thom
June 22nd, 2008 | 17:15
Just like Porsche and Skoda are exactly the same thing.
And kudos to the ones that set things straight in their comments, this is not a virus.. you actually need to download it, run it and type in your admin password.. some people would just call that ’software’.
macs are secure in two ways:
1. less malware written for them
2. idiot proof settings (and lets face it, when you’re paying double for your hardware because it’s white and fashionable you’re an idiot)
as has been said, if you want a better OS than windows, you use linux. this is why macs are sh1t on so often – they are totally unnecessary.
yet again, it requires the password to be typed in. page 2 news the most.
macs are secure in two ways:
1. less malware written for them
2. idiot proof settings (and lets face it, when you’re paying double for your hardware because it’s white and fashionable you’re an idiot)
as has been said, if you want a better OS than windows, you use linux. this is why macs are sh1t on so often – they are totally unnecessary
Dufus on both counts.
macos IS linux.
oh, and im white and fashionable and consider myself quite clever really (well i dont have windows on my computer anyway…lol)
Let’s get something straight, Macs have a noob-friendly OS, problem is there are only 11 applications that run on Macs. FACT.
@36 Henderson. 11 eh? Then I should uninstall 12-14 perhaps? However, in the event that I am ignorant, and I am only hallucinating about the more than 11 programs I am using, could you please tell me which 11 programs they are?
thanks
Tom
All you guys say ‘macs deserve this, mac users suck, etc…’
Do you realize it’s all the window users saying this. There aren’t many mac replies to this post. WE’RE not saying we’re better than windows, the ‘bad image’ you guys give mac is all from your side. You’re only arguing with other window users.
Rapidshare links please!
Maybe now all those Mac users will STFU about their “virus-free” rigs. Now I want to see a commercial from IBM showing the PC and Mac guys….the Mac guy could be partying, taking pictures, and making movies and what-not…then it could show him sick with a virus when he wakes up the next day, meanwhile the PC guy takes his temp and stuff and gives him some security advice. Sounds like a nasty virus too. LOL
Iza
June 22nd, 2008 | 19:26
And again, another analphabetic; this isn’t a virus; you have to a. manually download it, b. run it and c. enter an admin-password.. what kind of virus is that? Right; it’s almost software, and only the idiots that use windows will fall for that kind of crap.
I bet the software company distributing anti-virus software for mac made the virus…how else should they sell their software?
I always found it funny that Mac users run Windows inside OSX. I don’t recall any Windows users running OSX in Windows. Then again why would they need to?
i Stucked on MAC because of it’s FInal cut pro program…
mac… only for fancy ppl, and now, with virus and trojans is another mortal OS
KobeBeefBurger
June 22nd, 2008 | 19:37
Well, while there have been some desperate attempts, nobody has been able to do it with absolute success.. so it’s not that nobody wants to; they just can’t and convince them due to cognitive dissonance they “didn’t need it anyway”
haha. i wonder why macboys get so uptight when we throw a punch at them. this jus goes to show macboys are uptight noobs who sit all day arnd their appleshow glowin in their faces.
so stfu and go polish stevie’s ass n his apples. and in other news….many more trojans to come ahead….
…for mac-creamy-apples….hmmm damn…its been over a year since i been infected with all those virues\trojans for windows. damn. so many and i can maintain my machine safe + my coool when a new one is found…kekeke
genex3m
June 22nd, 2008 | 20:31
Because most of the pc-fanboys here apparently lack the ability to read properly.. you can call it ‘uptight’ when someone finds it annoying that so many people lack a basic educational ability.. but mehh.. at the end of the day; you’re still stuck on your pc, and I will be working on a mac.
@genex3m
Get your head out of Bill Gates lap & wipe your mouth already. You’re only embarrassing yourself now, sweetheart.
@mac users : hahahahahaha at least windows users don’t go crazy when mac users go how they’re supreme blah blah
it’s all taste, i think macs suck and much prefer windows – most likely as i’ve been using them all my life. i think windows is perfect for me, similar to how some mac user may think it about macs. simple as that. i don’t go replying to every anti-windows comment.. go cry over your trojan infested ibook ha
Thanks to all of you I am not bored anymore. You geeks crack me up!
” MAC vs. PC ” — lmao, what a bunch of losers! still.. lmao
It’s not the Mac itself I would bash, nor OSX, use them at work and they are excellent machines but the Mac users and their smug, high and mighty attitude are the problem. Vista has similar security to OSX with UAC, however it is easier to switch this off on Vista which is a stupid thing to do. Yes it is a trojan, yes it requires user intervention but so do trojans on Windows Vista. lol@20, no one said this was the worse operating system because trojans were beginning to appear that’s bound to happen as Macs get more popular. The problem is that 99% of Mac users say their system is completely immune to any threats when it blatantly isn’t, and novice users believe it. The poster above is correct when he says if a new user bought a windows machine and blindly accepted the security warnings on Vista when sent something from someone he thinks is a friend, he will do the same on a Mac. The difference is at least on a windows machine the novice user will likely have anti spyware and anti virus software so is more likely to be alerted to the fact before major damage can be done, this is most definitely not the case with Mac users 99% of whom have no anti spyware or anti virus software because they blindly believe they don’t need it. Most Mac users here are fairly tech savvy and wouldn’t dream of blindly allowing something like this to install but it is completely and utterly wrong of you to assume all Mac users are the same.
That guy is also correct about the malicious code injected into Apache webservers running on Linux, it was well publicised at the time and caused quite a lot of raised eyebrows because it was installed without the system administrators or webmasters being aware of it, something most Linux sysadmins believed couldn’t be done. The guys that wrote the code obviously targeted windows machines with the actual destructive code as it would not have made much sense to target the small number of Linux machines that would visit the pages per hour compared to the thousands of Windows machines that would visit. It does however, prove the point that no operating system is immune. If hackers and coders can break into banking systems, department of defence or Nasa computers they can damn well hack into or code for Windows, OSX or Linux if they felt it was economic of them to do so.
There is one odd and funny fact about this whole discussion between windows and mac users. Most windows users who say “Mac sucks, bla bla bla” hasn’t even tried a mac, and by tried I do not mean a 10minute sit-down at a mac, because that’s just touching, not trying.
Isn’t it quite narrow-minded to just say mac sucks when most of you haven’t even tried it? Because that’s always the case.
I had been a windows user my whole life until January this year, and I must say, of course it was sometimes quite annoying, and mostly in the beginning just because I was so used to how windows worked out. But that was just in the beginning when I had to learn a whole new OS that I wasn’t familiar to at all. But I must say, once you get a hang of it you will start to understand that Mac OSX works really nice, because everything is built up in a much more logic way than windows, and things built in the OS actually works!
I’m sure a lot of you are familiar with the phenomenon when windows asks you if you would like windows to do some kind of action for you, and I’m quite sure that a lot of you click “No” in these situations because you know that windows will most likely just not do it right, or at all, which means that you often need extra applications and extra knowledge how to handle these things that windows just can’t do, and that covers just about too many areas. This is one of the most compelling things about Mac OSX, and that is that I actually can trust Mac OSx, if OSX asks me if I want something done automatically, I can trust in that it will actually work. This is one of the things that got me quite baffled in the beginning, and I really realized how little trust I had in windows when I used it.
bill gates would love to be as hip as steve jobs. steve jobs would love to be as rich and powerful as bill gates.
identity through company means you are pwned to begin with. do your work and work on an OS that allows you to do your best work. neither of these companies care a thing about yo and the only way to rid yourself from their grip is to go open source. for you to spend your time identifying through a corporate brand is really sad and will never amount to a decent discussion. so take your stickers off your car, stop flashing your iphones around starbucks like you’re hip b/c you own something, stfu and do your work and watch your porn.
and there i go, wasted another 5 minutes of my life on this topic.
Mac has so many less defective things. Pc has a shi*load more defective and more bugs than the Mac as for the linux who cares :S no one even talks about them LMFAO. Lets face it BIll Gates is fat and ugly and will also suck at making anything :S. Mac Ftw!
Mac vs PC vs Linux, the debate will never end…..
Get outta the rosey glow of your screen and get
outside for a change.
so mac turn has finally comes…. people are starting a lot of macs these days… may iphone is next with it becoming so much popular and all… hope it has better security i am planning to buy one
that should be funny. mac users are so dependent on their osx being secured that they forget what to do when infected. stupid mac users. lol. ubuntu all the way.
From article…
The Trojan is distributed as either a compiled AppleScript, called ASthtv05 (60 KB in size), or as an application bundle called AStht_v06 (3.1 MB in size). The user must download and open the Trojan horse in order to become infected. Once the Trojan horse is running, it will move itself into the /Library/Caches/ folder, and add itself to the System Login Items.
If you are stupid enough to download/run a 3.1MB virus, you deserve it. Still not as complicated and easy to install as Windows viruses though. Don’t see the big deal other than getting attention through headlines.
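Added example, not part of the article or of any comment: a small audit script that combines the two checkable details given in this thread, the setuid bit on the ARDAgent binary (the path from the chmod command quoted above) and the two file names and the /Library/Caches/ location from the quoted advisory text. Matching the names by prefix, so that a ".app" suffix is also caught, is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the article or any commenter).
# Path as given in the chmod command quoted in the comments.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
# Folder the quoted advisory text says the Trojan moves itself into.
CACHES="/Library/Caches"

# Print "setuid", "clean" or "absent" for the given file.
check_setuid() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "absent"
    elif [ -u "$target" ]; then      # -u: set-user-ID bit is set
        echo "setuid"
    else
        echo "clean"
    fi
}

# List entries in a directory whose names start with the two names
# quoted on this page. Prefix matching is an assumption of this example.
find_trojan_files() {
    dir=$1
    for f in "$dir"/ASthtv05* "$dir"/AStht_v06*; do
        if [ -e "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Run both checks, print a report, and return the number of findings.
audit() {
    agent=${1:-$ARDAGENT}
    caches=${2:-$CACHES}
    findings=0
    case $(check_setuid "$agent") in
        setuid) echo "WARN: setuid bit set on $agent (clear with: sudo chmod u-s)"
                findings=$((findings + 1)) ;;
        clean)  echo "OK: setuid bit not set on $agent" ;;
        absent) echo "INFO: $agent not found" ;;
    esac
    hits=$(find_trojan_files "$caches")
    if [ -n "$hits" ]; then
        echo "WARN: entries matching the reported names:"
        echo "$hits"
        findings=$((findings + 1))
    else
        echo "OK: no matching names in $caches"
    fi
    return "$findings"
}

audit "$ARDAGENT" "$CACHES" || echo "findings: $?"
```

The login-items entry that the quoted text mentions is not checked here, and a clean result only means that these two specific indicators are absent.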
A mac makes a good dust collector
REAL men use PC
Jebus! People, c’moon… you DO realize you behave like little kids from kindergarten, do you?! “My sandcastle is prettier than yours! Bwaaahh…”
At least Mac users haven’t been infected from this site…..You know exactly what I mean PC fanboys…NEXT!
@42 KobeBeefBurger
While you’re finding it funny I actually find it helpful so I can play my Windows games and mess with a program I was making before I got my Mac without rebooting in and out of OSX all the time.
I Just Spoke With Apple And They Said That this IS False Information . To put A Scare On mac Users Or Future Mac users .Dont Believe The Lies People Its Not True
@29
You’re an idiot and ill informed. This trojan does not require the user to insert their admin password.
@22 It’s a fault in the article, this hasn’t been patched yet.
@35
“Let’s get something straight, Macs have a noob-friendly OS, problem is there are only 11 applications that run on Macs. FACT.”
hahahaha.
ok.
1) yes, its n00b friendly, but also incredibly capable for power users. xp and vista arent very n00b friendly, and break when you try to do something really complicated.
2) besides games, i run:
final cut
shake
ms office
ilife suite (more than 1 app, but we’ll call it one)
adobe cs3 (likewise)
toast
parallels (yes, i use XP on occasion, just for backward compatibility reasons, and cause Eve’s mac client isnt supported on my macbook – dont bother with it on my macpro though)
logic studio (at least 4 apps, but…)
reason
recycle
ableton live
cubase sx
shedloads of AU instruments and plugins (no, really, im not listing them)
native instruments komplete (theres another handful of apps as well as the plugins)
metasynth
amplitube
so thats at least 16 apps, if youre being particularly conservative on how you describe an application…
then theres what i think of as utilities; firefox, compression tools, a couple of flavours of download manager (one for big music apps, one for film rls etc), blah blah.
then theres games and emulators. i didnt switch to macs for games (i have a ps3 and a wii for that, and i got tired of trying to keep up with the pc gamer market a long time ago – keeping a pc up to date is an expensive game with little reward), but still i find theres a good sized handful of them in my applications folder.
so lets get something straight, youre a muppet.
as for this trojan, it really didnt bother me. i got a security update and as far as im aware, my macs are safe. if anything were to go wrong though, 1) any damage to the actual macs would be fully covered and 2) i dont buy stuff online, so the worst they can get on me is my email password, so they can read some very boring conversations between me and my dear old mother. thatll get them nowhere fast.
i love how, whenever theres a security alert for apple, pc users are quick to say ‘told you so’ and then abuse mac users for being fanboys. if mac users did the same every time there was a windows security alert, the web would grind to a standstill.
for the record, i dont think theres anything wrong with pcs. i have two. i just dont use them for anything taxing, like recording music, cause i dont trust them not to crash.