The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Wild trojan found

    Discussion in 'Apple and Mac OS X' started by gms238, Jun 20, 2008.

  1. gms238

    gms238 Notebook Consultant

  2. cdnalsi

    cdnalsi Food for the funky people

    Again we're talking about:

     
  3. Thibault

    Thibault Banned

    Regardless, it's still a threat and it's out there.
    So thanks to the OP for the news.
     
  4. Chrysaor

    Chrysaor Notebook Consultant

    This exploit can be placed in any installer's preflight script to run, and you wouldn't even be aware of it. It is a serious vulnerability.

    To test if your system is vulnerable:
    Code:
    osascript -e 'tell app "ARDAgent" to do shell script "whoami"';
    The workaround fix for this is removing the setuid bit on ARDAgent.
     
  5. swarmer

    swarmer beep beep

    Well, yeah, that's what "trojan" means... something people are tricked into running.
     
  6. saturnotaku

    saturnotaku Notebook Nobel Laureate

    Can you provide more detailed instructions for doing this?
     
  7. Chrysaor

    Chrysaor Notebook Consultant

    Code:
    sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
    This removes the setuid bit on ARDAgent, which means it can't elevate permissions to root. If you execute the command I gave before, it should return your username instead of root.
     
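Added example, not part of the original thread: a read-only audit for the workaround described in posts 4 and 7, which reports whether a binary still carries the setuid bit and lists setuid files under a directory. The ARDAgent path is the one given in post 7; the function names `setuid_state` and `list_setuid` are hypothetical.

```shell
#!/bin/sh
# Path taken from post 7 of this thread.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# setuid_state FILE
# Prints one of: missing | setuid-root | setuid-other | no-setuid
setuid_state() {
    f="$1"
    [ -e "$f" ] || { echo "missing"; return 0; }
    if [ -u "$f" ]; then
        # ls -ln prints the numeric owner uid in column 3 on macOS and Linux.
        owner=$(ls -ln "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then
            echo "setuid-root"    # runs with root privileges for any caller
        else
            echo "setuid-other"   # setuid, but to a non-root account
        fi
    else
        echo "no-setuid"          # the state expected after chmod u-s
    fi
}

# list_setuid DIR
# Prints every regular file below DIR that has the setuid bit set.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# Report the current state of the binary discussed in the thread.
echo "ARDAgent: $(setuid_state "$ARDAGENT")"
```

After applying the `chmod u-s` workaround, the report should change from `setuid-root` to `no-setuid`; a system update that replaces the file can restore the bit, so the check is worth repeating.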
  8. saturnotaku

    saturnotaku Notebook Nobel Laureate

    Much obliged. Thanks.

    +rep
     
  9. jjahshik32

    jjahshik32 Notebook Deity

    Lol, this is old news. I remember this trojan back 2 years ago. Just don't use LimeWire and don't accept suspicious files via iChat from people you don't know and don't open it.
     
  10. Deifiic

    Deifiic Notebook Guru

    Well.. looks like it's time to jump ship. How's Linux doing these days =p?

    /end sarcasm.

    Seriously though, thanks for the heads up.
     
  11. Gintoki

    Gintoki Notebook Prophet

    Linux is pretty alright, we don't really have any problems but it depends on what you want/need. ;)
     
  12. bmwrob

    bmwrob Notebook Virtuoso

    My guess is that Linux and OSX are about on an even level concerning malware. Neither system is popular enough in comparison with Windows for most hackers and thieves to bother wasting their time. Sooner or later though, both will probably be hit with crap from the jerks out there, unfortunately.
     
  13. Gintoki

    Gintoki Notebook Prophet

    But the difference is that Linux is open source, so as soon as a vulnerability is found there will be a fix as soon as possible. I'm not sure how well this goes for OSX though, but I'm pretty sure it's about the same.
     
  14. masterchef341

    masterchef341 The guy from The Notebook

    i don't know.

    open source is great, but it doesn't necessarily mean that everything is going to get fixed immediately.

    in fact, open source development tends to be slower. the final products are usually high quality because the people who are making them do it out of their own enjoyment...

    but you can't spend every second of your life working on your hobby that generates nothing for you... i'm not sure how speedy the responses will be to security issues with linux...

    still, unix and linux are both designed around the concept of securing the kernel, so i think even in the long run they will be better off.
     
  15. talin

    talin Notebook Prophet

    I sincerely hope it stays that way. That would be my luck, finally switch to Mac, and have it become a haven for virii. :rolleyes:
     
  16. Gintoki

    Gintoki Notebook Prophet

    I'll have to disagree with you on this one and link to Linus's Law. It took a few days to patch the SSL security bug Debian had; try finding that same level of dedication with a Windows bug (I haven't used OSX so I don't have much experience with it besides what I read). With Windows you have to wait until SP1 or until MS decides to patch the flaw. I've heard that OSX is pretty fast but you can only pay a certain amount of people. While Apple may have 5,000 employees, Linux has over 1,000,000 developers who take the time to work on it.