A new variant of HellRaiser is now out there. It is being called OSX/HellRTS.D and in order to get infected you would have to run a server daemon, shown below. HellRaiser is a RealBasic-based trojan horse that gives control of a Mac OS X system to an attacker. This can include searching through the file system and then transferring files, viewing the clipboard, sending audio, sending chats, viewing the screen, showing pictures, viewing Spotlight indexes, controlling mail and rebooting (see the tabs below). A number of products will detect the OSX/HellRTS.D trojan horse when using the latest definition updates, including the following (each links to the HellRaiser entry for that vendor):…
-
iWork or Trojan
Ninjas don’t often get trojans, but pirates of Mac software just might… According to an article on MacRumors, there is a pirated copy of iWork 09 floating around torrent-land that has a trojan in it. Apparently it creates /usr/bin/iWorkServices and then puts it in /System/Library/StartupItems. Now, in order to place the files in such a way it’s obviously going to need the user to enter a root password. But then, a regular installer would ask a user to do this too. The trojan has been named OSX.Trojan.iServices.A. Supposedly over 20,000 users have downloaded the infected files from the torrents, but at this time, I am unable to find one to…
-
Mac OS X: DNSChanger Removal Tool
From SecureMac.com: SecureMac has released a free utility called DNSChanger Removal Tool to remove the DNSChanger Trojan Horse, also known as OSX.RSPlug.A and OSX/Puper, which has been found on numerous pornographic websites disguising itself as a video codec. Once downloaded and installed, DNSChanger changes the DNS settings on the computer, redirecting websites entered by the user to malicious sites. If personal information is entered on these malicious websites, it can lead to identity theft. If the DNSChanger trojan horse is detected, DNSChanger Removal Tool will give you the option to remove it. If the DNSChanger trojan horse is detected and removed, you will need to restart your computer to clear out the bad DNS entries added…
-
Mac OS X: New Trojan Discovered
I originally posted this at http://www.318.com/TechJournal Monday, October 29th, 2007 – Intego issued a security alert about a new Trojan Horse called OSX.RSPlug.A targeting the Mac. OSX.RSPlug.A changes the DNS (Domain Name Server) address that infected systems use to access web sites and installs a new task on infected systems to change the DNS server again if the end user changes it back to what it was before. This is similar to many attacks against the Windows Hosts files. However, if anyone is going to get this worm they have to authenticate as an administrative user for their system to get infected. OSX.RSPlug.A has been found on some pornographic Web…