Confirmed: Reported Mac OS X Trojan Is a Poker Game

- 'OSX.Trojan.PokerStealer' is the official name of the Mac Trojan

By: Filip Truta, Apple News Editor

Towards the end of last week the Mac-based web was "infected" with news of a Mac Trojan that will allegedly let hackers run code "as root" on other folks' machines. As usual, users would have to download and install an app – which has been confirmed as OSX.Trojan.PokerStealer, according to TUAW – in order to let hackers gain root privileges to their system.

Last week, security firm Intego claimed to have found a vulnerability connected to Remote Management in Mac OS X. The company was quick to offer a solution (no surprise there), namely its VirusBarrier X5. Mac OS X Leopard users may have a look at some of its features right HERE.

Intego noted that the ARDAgent is owned by root. Since running code through the ARDAgent executable is done as root, it will not require a password. "When an application enables a root privilege escalation of this type, any malicious code that is run may have devastating effects," Intego warns.

"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5," Intego further states. "This vulnerability takes advantage of the fact that ARDAgent, a part of the Remote Management component of Mac OS X 10.4 and 10.5, has a setuid bit set. Any user running such an executable gains the privileges of the user who owns that executable. In this case, ARDAgent is owned by root, so running code via the ARDAgent executable runs this code as root, without requiring a password. The exploit in question depends on ARDAgent’s ability to run AppleScripts, which may, in turn, include shell script commands," the security firm explains.

The exploit reported by Intego depends on the ability of ARDAgent to run AppleScripts, which may, in turn, include shell script commands. The company says "the best way to protect against this exploit is to run Intego VirusBarrier X5 with its virus definitions dated June 19, 2008." Of course, there's always the cheap (and smart) way: just avoid downloading content from untrusted sources. The same goes for opening e-mail attachments. And now that you know Poker games for Mac might do you harm, you're probably still on the safe side.
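The condition Intego describes, an executable with the setuid bit set and owned by root, can be audited on any Unix-like system. The following is an added example, not code from Softpedia or Intego: it walks a directory tree, lists setuid executables owned by a given uid (root by default) and reports those missing from a known-good baseline. The function names and the baseline file format (one path per line) are assumptions made for this sketch.

```python
import os
import stat
import sys


def is_setuid_for(st, owner_uid=0):
    """True if st is a regular, executable file with the setuid bit set
    and owned by owner_uid (0 = root). Such a file runs with the owner's
    privileges no matter which user starts it."""
    any_exec = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return (stat.S_ISREG(st.st_mode)
            and bool(st.st_mode & stat.S_ISUID)
            and bool(st.st_mode & any_exec)
            and st.st_uid == owner_uid)


def find_setuid(root, owner_uid=0):
    """Return the sorted paths under root that match is_setuid_for()."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue             # unreadable or vanished entry
            if is_setuid_for(st, owner_uid):
                hits.append(path)
    return hits if not hits else sorted(hits)


def unexpected(hits, baseline):
    """Paths found on disk that are absent from the reviewed baseline."""
    return sorted(set(hits) - set(baseline))


if __name__ == "__main__":
    # Usage: script.py <directory> [baseline-file]
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    known = set()
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            known = {line.strip() for line in fh if line.strip()}
    for p in unexpected(find_setuid(scan_root), known):
        print(p)
```

Each path it prints is a setuid-root executable that has not been reviewed; whether such a program can be made to run caller-supplied scripts, as the article says of ARDAgent, still has to be checked by hand.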

23rd June 2008, 08:37 GMT | Copyright (c) 2008 Softpedia
Confirmed: Reported Mac OS X Trojan Is a Poker Game - USER OPINIONS

Comment #1 by Bil Atkinson on 2008-06-28, 10:57 GMT
Disconfirmed. The 'Trojan horse' is not, nor does it include, a poker game. It does have a rather terrible icon which may suggest a relationship with cards and its actual name is "PokerGame.app". Other than those it offers no pretense whatsoever, and therefore isn't even a Trojan horse. Lastly, 'PokerGame.app' does not exploit the ARDAgent vulnerability but rather it asks the user for their password. Its only relationship with the ARDAgent vulnerability is that it happens to have been written by the same people who discovered the vulnerability and who wrote another program simultaneously, 'AppleScript Trojan horse template' or astht, which does in fact exploit the vulnerability.


© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.