A variant of an early Mac OS X malware first spotted in 2004, the company claims

Apr 21, 2010 14:36 GMT
HellRTS backdoor can allow malicious remote users to control Macs, Intego says

Mac security firm Intego has discovered what it identifies as “OSX/HellRTS.D,” a variant of a piece of Mac malware first spotted in 2004. Dubbed HellRTS, the malware opens a backdoor as soon as it is installed on a computer running Mac OS X, allowing remote users to take control of the infected system and perform actions on it. As usual, Intego cites the VirusBarrier antivirus program it develops as the best means of protection.

Although it’s a mystery how Intego even keeps a Mac security business running (perhaps it’s thanks to the scary advisories it spits out every other month), even Apple admits that security software may offer additional protection, so why not hear what Intego has to say?

“HellRTS, built in RealBasic, and a Universal Binary able to run on both PowerPC- and Intel-Based Macs, is able to perform a number of operations if installed on a Mac,” the self-touted Mac security specialist begins to explain.

“It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more,” Intego says.
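The self-duplication under different application names described above leaves a checkable trace: several login items with different names but identical executable content. The following Python sketch is an added example, not code from Intego or from this article; the item names and the payload bytes are constructed, and the list of login item paths is assumed to be gathered separately.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def executable_digest(item: Path) -> str:
    """Name-independent SHA-256 of a login item's executable content."""
    if item.is_dir():
        # Assumption: an .app bundle keeps its executables under Contents/MacOS.
        root = item / "Contents" / "MacOS"
        files = [p for p in (root if root.is_dir() else item).rglob("*") if p.is_file()]
    else:
        files = [item]
    # Hash each file, then hash the sorted digests so file names do not matter.
    per_file = sorted(hashlib.sha256(f.read_bytes()).hexdigest() for f in files)
    return hashlib.sha256("".join(per_file).encode()).hexdigest()


def find_renamed_copies(login_items):
    """Return groups of login items with the same content but different names."""
    groups = defaultdict(list)
    for item in map(Path, login_items):
        if item.exists():  # stale login item entries are skipped
            groups[executable_digest(item)].append(item)
    return [sorted(g) for g in groups.values() if len({p.name for p in g}) > 1]


def build_sample(root: Path):
    """Create constructed login items: two renamed copies and one unrelated app."""
    contents = {"AppOne.app": b"constructed-payload",
                "AppTwo.app": b"constructed-payload",
                "Other.app": b"unrelated-binary"}
    items = []
    for name, data in contents.items():
        exe_dir = root / name / "Contents" / "MacOS"
        exe_dir.mkdir(parents=True)
        (exe_dir / name[:-4]).write_bytes(data)  # executable named after the app
        items.append(root / name)
    return items


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for group in find_renamed_copies(build_sample(Path(tmp))):
            print("same executable, different names:", [p.name for p in group])
```
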

According to its security memo, “This backdoor requires installation on a Mac, which could be carried out via a Trojan horse, or by exploiting a vulnerability in a program that accesses the Internet (such as a web browser).” The security firm admits that it hasn’t encountered situations where Macs actually got infected. However, “The fact that this malware is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs,” Intego warns, although there’s obviously nothing to be alarmed about.

As a means of protection (the company’s favorite part), “Intego VirusBarrier X6 detects and eradicates this malware, which it identifies as OSX/HellRTS.D, with its threat filters dated April 15, 2010 or later.” If you’re feeling insecure, go ahead and grab it below.

Download VirusBarrier X6 (Update / Trial / Buy)