The OSX/Hovdy-A Trojan horse, which relies on the user giving it permission to install itself, attempts to steal passwords, open the firewall to give hackers access, and disable security settings.
The Hovdy-A Trojan horse takes advantage of a vulnerability in Apple’s Mac OS X operating system, affecting the Apple Remote Desktop Agent (ARDAgent), to gain root access. Once the user has given permission and installed the OSX/Hovdy-A Trojan horse, the hacker can gain complete control of the compromised Macintosh – covering its tracks by disabling system logging.
This Trojan horse relies on the user giving it permission to install. Using social engineering techniques, the Trojan horse could be disguised as a game, a video codec, etc.
When run, the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:
– disable system logging and delete system log files
– start PHPShell and web server
– start ARD, VNC and SSH services
– disable system updates
– open ports in the firewall
– disable third party security software
– steal various password hashes and keys which may be used to compromise other systems
OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.
More info via Sophos here.
MacDailyNews Note: As always, do not download, authorize, and install software from unknown, untrusted Websites or any other sources.
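A triage sketch for the behaviours listed above, added here as an example and not taken from Sophos or MacDailyNews: it flags processes and listeners running out of /Library/Caches, listening SSH/VNC/ARD ports, and a missing syslogd. The `ps` and `lsof` samples are constructed, the port numbers are the services' well-known defaults rather than values from the article, and the finding names are hypothetical.

```python
import re

# Well-known default TCP ports for the remote-access services the article names
# (assumption: defaults, not values taken from the article).
REMOTE_ACCESS_PORTS = {22: "SSH", 5900: "VNC", 3283: "ARD"}
INSTALL_DIR = "/Library/Caches/"  # install location named in the article

# Constructed samples in `ps -axo pid,user,comm` and
# `lsof -nP -iTCP -sTCP:LISTEN` layout; every name and path is made up.
SAMPLE_PS = """\
  PID USER COMM
    1 root /sbin/launchd
  120 root /usr/sbin/sshd
  211 root /usr/libexec/vnc-server-constructed
  340 root /Library/Caches/constructed-name/httpd
"""
SAMPLE_LSOF = """\
COMMAND PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd    120 root 4u  IPv4 0x1a2b 0t0      TCP  *:22 (LISTEN)
vnc     211 root 5u  IPv4 0x1a2c 0t0      TCP  *:5900 (LISTEN)
httpd   340 root 4u  IPv4 0x1a2d 0t0      TCP  *:8080 (LISTEN)
"""

def parse_ps(text):
    """Map pid -> executable path, skipping the header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            procs[int(parts[0])] = parts[2].strip()
    return procs

def parse_listeners(text):
    """Return (pid, port) for every TCP socket in LISTEN state."""
    pat = re.compile(r"\S+\s+(\d+)\s.*:(\d+) \(LISTEN\)\s*$")
    hits = (pat.match(line) for line in text.splitlines()[1:])
    return [(int(m.group(1)), int(m.group(2))) for m in hits if m]

def triage(ps_text, lsof_text):
    """Return findings as (kind, detail, extra); they are leads, not proof."""
    procs = parse_ps(ps_text)
    findings = [("process-from-caches", pid, path)
                for pid, path in sorted(procs.items()) if path.startswith(INSTALL_DIR)]
    for pid, port in parse_listeners(lsof_text):
        path = procs.get(pid, "")
        if path.startswith(INSTALL_DIR):      # e.g. the bundled web server
            findings.append(("listener-from-caches", port, path))
        elif port in REMOTE_ACCESS_PORTS:     # may be legitimately enabled
            findings.append(("remote-access-listening", port, REMOTE_ACCESS_PORTS[port]))
    if not any(p.endswith("/syslogd") for p in procs.values()):
        findings.append(("syslogd-not-running", None, None))
    return findings
```

A listening SSH or VNC port is expected on a Mac where the owner turned sharing on, so compare the findings against what was deliberately enabled in the Sharing preferences.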
*yawn*
Nothing to see here folks. Move along.
Gee MDN I have been reading about this for two or three days now, where have you been?
OOOooo a trojan horse! I am soo scared. That does it. I’m going to get some Vista tomorrow.
@ Kit-N, my bad, just started ranting and couldn’t stop… lol
I don’t know…I think Ron is a bit more entertaining than Zune Tang….
“When run the Trojan will attempt to install itself to the /Library/Caches…”
And what would its name be? Seems like it would be simple enough to delete it if there were only some way to identify it.
@Smackman: naw… he uses the word “fag” too much… and he doesn’t have a slogan either… lol But does it really matter? they’re both idiots… at least ZuneTang doesn’t really mean it.
Another example of the millions of ways in which the Mac is exploited each day.
I am truly grateful for this process; culling the tards from the herd is a natural process and should be embraced, as it only makes us stronger.
oh, and ron reminds me of a 13 year old nerdy boy who can’t stand in the sun for more than 5 minutes because his skin is so pale from playing Halo 3 all day…
@mdabrosca
Good luck getting an answer on this forum. I asked for suggestions to avoid Trojans and now you are asking how to discern if you have a Trojan.
I don’t think this forum is the place to discuss things in a mature manner. It’s more about cracking jokes and getting attention. It is what it is. Lots of people enjoy MDN.
At least it’s not a Spartan… then we would really be screwed.
http://dubiousacademia.com/blog/wp-content/uploads/2007/04/spartan40.bmp
btw… any computer nerd worth their salt can write an applescript that is more dangerous than this little nasty.. Until there is an actual virus.. I will continue to be a smug apple fanboy.
I’m not really interested in this latest FUD.
I’m interested in knowing why ‘Ron’ thinks semen tastes like pudding. I need to tell my girlfriend something.
Bandit,
MacUpdate and VT are your best choices. Also HyperJeff.
Stay the course, buddy.
ron = Ballmer.
Dork.
I look forward to hearing if anyone AT ALL falls foul of this Trojan which is almost certainly created by the security companies reporting it…
@ RON
MAC stands for Media Access Control. This is a Macintosh site, not a Media Access Control discussion group.
Ron just played many of you like a $10 guitar with his thinly veiled sarcasm.
That ron perv is an impostor. Get yer own monicker, wrong ron.
everyone – just ignore ron – obviously he’s a troll.
to the real ron..i meant the fake ron…
It seems that ron suffers from a low self-esteem from using Windows and all the viruses, trojans and errors it has. As a result, he’s desperate to prove that the Mac OS is just as inferior as Windows. It just amazes me how emotionally invested Windows users are in such a flawed OS.
Hey ron…dump Windows and go with something that isn’t a hacker’s paradise.
the hotfix for this is ridiculously easy
http://www.macosxhints.com/article.php?story=20080620052233168
again, mountains out of mole hills thank you mass media
Blaaah Mac OS is just another lame Windowz flavor now…this sukz:(
Hey, I kinda liked Ron’s comments (however stupid), and would like to read mor in future.
Come join me in chanting for him to add mor: Mor-Ron, Mor-Ron, Mor-Ron…
The OSX/Hovdy-A Trojan horse … relies on the user giving it permission to install itself
Let FUD begin!
I gave a stranger the keys to my car, and he gained both access and complete control.
In another era I’d be a naive idiot. Today I’d blog (and possibly sue) how I was victimized by the automaker’s poor design…
Apparently, you can block this Trojan by activating (yes, activating) Remote Access in System Settings—>Sharing. The little bugger only works with deactivated Remote Access. Case closed, nothing to see, folks.