Latest Mac OS X Trojan Might Be Sign of Things to Come
It’s been more than 10 days since the latest AppleScript.THT Trojan horse for Mac OS X reared its ugly head, yet there is still no word or fix from Apple. The new threat, which affects versions 10.4 and 10.5 and is classified as critical by the SecureMac security site, exploits a hole in the Apple Remote Desktop Agent to completely take over an infected Mac, delete files and wreak other kinds of havoc. This threat, discovered on June 19, was made public on the SecureMac site a week ago today.
There have been a few rumblings on Apple’s discussion forums, but to date, no official advice from the company. Two other Trojans were reported earlier in June involving an ARDAgent executing code as the root user. In all cases, the offending file must be downloaded and executed.
The threat “is distributed as either a compiled AppleScript, called ASthtv05 (60 KB in size), or as an application bundle called AStht_v06 (3.1 MB in size),” according to the warning. Moving itself to the /Library/Caches folder, it runs hidden, and unless renamed, can be found there as “AStht_06.app.” It also adds itself to the System Login Items, and turns on file sharing, Web sharing and remote login.
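The indicators in the warning above (an application bundle parked under /Library/Caches and a matching entry in the user's login items) are simple enough to check for by hand. The script below is an added example written for this article, not code from SecureMac or Apple: it flags any .app bundle living in a Caches folder, matches the file names the warning gives, and looks for a related name in a per-user login items plist. The plist layout it assumes (SessionItems -> CustomListItems -> entries with a Name key) is an assumption about the 10.4/10.5 format, and the fixture it builds is a constructed sample so the check can be exercised without an infected machine.

```python
import os
import plistlib
import tempfile

# File names quoted in the SecureMac warning reproduced above.
KNOWN_NAMES = {"AStht_06.app", "AStht_v06", "ASthtv05"}
DEFAULT_CACHES_DIR = "/Library/Caches"


def find_app_bundles_in_caches(caches_dir=DEFAULT_CACHES_DIR):
    """Return (known, unexpected) bundle paths found directly in caches_dir.

    Application bundles have no business living under a Caches folder, so an
    unknown .app there is worth a look even if the Trojan has been renamed.
    """
    known, unexpected = [], []
    if not os.path.isdir(caches_dir):
        return known, unexpected
    for name in sorted(os.listdir(caches_dir)):
        path = os.path.join(caches_dir, name)
        if name in KNOWN_NAMES:
            known.append(path)
        elif name.endswith(".app") and os.path.isdir(path):
            unexpected.append(path)
    return known, unexpected


def login_items_referencing(plist_path, needle="AStht"):
    """Return login item names containing `needle` from a loginitems plist.

    Assumed layout: {"SessionItems": {"CustomListItems": [{"Name": ...}, ...]}}.
    """
    if not os.path.isfile(plist_path):
        return []
    with open(plist_path, "rb") as fh:
        data = plistlib.load(fh)
    items = data.get("SessionItems", {}).get("CustomListItems", [])
    return [
        str(item.get("Name", ""))
        for item in items
        if needle.lower() in str(item.get("Name", "")).lower()
    ]


def build_demo_fixture():
    """Construct a throwaway tree mimicking an infected Mac (constructed sample)."""
    root = tempfile.mkdtemp(prefix="tht_demo_")
    caches = os.path.join(root, "Library", "Caches")
    os.makedirs(os.path.join(caches, "AStht_06.app", "Contents"))   # default name
    os.makedirs(os.path.join(caches, "Renamed.app", "Contents"))    # renamed copy
    os.makedirs(os.path.join(caches, "com.apple.Safari"))           # ordinary cache dir
    plist = os.path.join(root, "loginitems.plist")
    with open(plist, "wb") as fh:
        plistlib.dump(
            {"SessionItems": {"CustomListItems": [
                {"Name": "iTunesHelper"},
                {"Name": "AStht_06"},
            ]}},
            fh,
        )
    return caches, plist


def run_demo():
    """Run both checks against the constructed fixture and summarise the hits."""
    caches, plist = build_demo_fixture()
    known, unexpected = find_app_bundles_in_caches(caches)
    return {
        "known": [os.path.basename(p) for p in known],
        "unexpected": [os.path.basename(p) for p in unexpected],
        "login_items": login_items_referencing(plist),
    }


if __name__ == "__main__":
    # On a real 10.4/10.5 system, point find_app_bundles_in_caches() at
    # /Library/Caches and login_items_referencing() at the user's
    # ~/Library/Preferences/com.apple.loginitems.plist (path is an assumption).
    print(run_demo())
```

The checks deliberately look for any bundle in the Caches folder rather than only the quoted file name, since the warning notes the Trojan can be renamed; the sharing services it switches on (file sharing, Web sharing, remote login) are best confirmed in the Sharing preference pane, which the script does not touch.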