Mac OS X Security Threat Discovered

The malicious code distributed from a hacker Web site has been given a "critical" security tag, but can infect only certain versions of the Mac OS.
Security vendor SecureMac has discovered multiple variants of a Trojan capable of letting a hacker remotely commandeer a Mac computer.

The malicious code is being distributed from a hacker Web site, where there have been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which has given the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.

A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.

Besides offering a hacker remote access to the system, the Trojan discovered by SecureMac can transmit system and user passwords. Additionally, the application can log keystrokes, take pictures with the built-in camera on a Mac, take screenshots, and turn on file sharing.

The program takes advantage of a flaw within the Apple Remote Desktop Agent. The program avoids detection by opening ports in the firewall and turning off system logging.

The Trojan is distributed as an AppleScript called Asthtv05 or as an application bundle called Astht_v06. The file must be downloaded and opened in order to infect a machine.

Malicious code targeting the Mac isn't new. Apple in May released a patch for a serious vulnerability within its iCal calendar application. The flaw made it possible for an attacker to add or modify files on a CalDAV server. The code is distributed as an .ics calendar file in an e-mail attachment, or through a malicious Web site.