"F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

 

http://it.slashdot.org/it/08/06/25/0032226.shtml


The first one is NOT a trojan, and no viruses are, or ever were involved. It is simply a hole in Apple's Remote Desktop Agent. Apple is aware of this problem. There are limits to its execution but I'm sure Apple will have it plugged within a week or so anyway. They are rather fast when it comes to things like this, but if you're still worried you can get around it. Running the following command to remove the setting of user/group ID upon execution will prevent the execution of commands as root:

 

sudo chmod -s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

 

You can easily switch it back to normal by entering the same code with the "+s" option instead of "-s", as follows:

 

sudo chmod +s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

 

As always, BACKUP your system BEFORE performing any commands. Neither I nor this site is responsible for your own actions, or lack thereof.
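
A way to confirm the workaround above took effect, as an added example that is not part of the original post: the script reports whether a file still carries the set-user-ID or set-group-ID bit and whether it is owned by uid 0. The function names are hypothetical; the default path is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): check a binary's set-ID bits.
# ARDAGENT is the path quoted in the post; pass another path as $1 to override.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# Print one of: missing, none, setuid, setgid, setuid+setgid
setid_state() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    state=""
    if [ -u "$1" ]; then state="setuid"; fi
    if [ -g "$1" ]; then state="${state:+$state+}setgid"; fi
    echo "${state:-none}"
}

# Numeric owner uid, read from `ls -ldn` (same output layout on macOS and Linux).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# True when the file executes with root's effective uid for any caller:
# the setuid bit is set and the owner is uid 0.
runs_as_root() {
    [ -u "$1" ] && [ "$(owner_uid "$1")" = "0" ]
}

# One-line verdict; returns 1 while the workaround is not in effect.
audit() {
    path="$1"
    s=$(setid_state "$path")
    if [ "$s" = "missing" ]; then
        echo "$path: not present on this system"
        return 0
    fi
    if runs_as_root "$path"; then
        echo "$path: $s, owner uid 0: still runs as root, chmod -s not in effect"
        return 1
    fi
    echo "$path: $s, owner uid $(owner_uid "$path"): no root set-ID execution"
}

audit "${1:-$ARDAGENT}" || echo "Re-apply the chmod -s command from the post."
```

Running it again after software updates shows whether the bit has come back.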
