The OSX/Hovdy-A Trojan horse, which relies on the user giving it permission to install itself, is an attempt to steal passwords, open the firewall to give access to hackers, and disable security settings.
The Hovdy-A Trojan horse takes advantage of a vulnerability in Apple’s Mac OS X operating system, affecting the Apple Remote Desktop Agent (ARDAgent), to gain root access. Once the user has given permission and installed the OSX/Hovdy-A Trojan horse, the hacker can gain complete control of the compromised Macintosh – covering its tracks by disabling system logging.
This Trojan horse relies on the user giving it permission to install. Using social engineering techniques, the Trojan horse could be disguised as a game, a video codec, etc.
When run, the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:
– disable system logging and delete system log files
– start PHPShell and web server
– start ARD, VNC and SSH services
– disable system updates
– open ports in the firewall
– disable third party security software
– steal various password hashes and keys which may be used to compromise other systems
OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.
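A defender-side triage check for the install location named above, as an added example (not from Sophos or the original article): it walks a caches folder and reports files that look runnable, which is unusual for cache data. The file names in the demo are constructed, and the heuristics (Mach-O magic, shebang, executable bit) are assumptions about what to flag, not indicators published for OSX/Hovdy-A.

```python
import os
import stat
import tempfile

# First four bytes of thin and universal Mach-O binaries.
# Note: 0xcafebabe is shared with Java class files, so treat hits as leads.
MACHO_MAGICS = {bytes.fromhex(h) for h in
                ("feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe")}

def classify(path):
    """Return why a file looks runnable, or None if it looks like plain data."""
    try:
        st = os.lstat(path)              # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            return None
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:                      # unreadable entries are skipped
        return None
    if head in MACHO_MAGICS:
        return "mach-o"
    if head[:2] == b"#!":
        return "script"
    if st.st_mode & 0o111:
        return "exec-bit"
    return None

def scan_caches(root="/Library/Caches"):
    """List (relative path, reason) for runnable-looking files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def demo():
    """Run the scan over a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "com.example.app"))
        samples = {
            "com.example.app/cache.db": b"SQLite format 3\x00",
            "helper": bytes.fromhex("cafebabe") + b"\x00" * 8,
            "start.sh": b"#!/bin/sh\necho constructed\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return scan_caches(root)
```

On a real system, call `scan_caches()` with its default path and review each hit by hand; legitimate software occasionally caches helper binaries there.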
More info via Sophos here.
MacDailyNews Note: As always, do not download, authorize, and install software from unknown, untrusted Websites or any other sources.
“New Mac OS X Trojan horse identified”
was it Mr Ed?
so *that’s* why he never sired!….
http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=21763
@ron: iPhones are better at porn! We can even satisfy our gay porn urges better than windows mobile users!
HA
@ hagar57
“Apparently, you can block this Trojan by activating (yes, activating) Remote Access in System Settings—>Sharing. The little bugger only works with deactivated Remote Access. Case closed, nothing to see, folks.”
This is not correct – it depends on how the ARDagent is launched, and the script continues to kill and relaunch it until it gains root access – This usually takes about 3-5 tries (or about 2 seconds). Unfortunately having ARD activated will not block or disable this script from running.
we all may be baby batter eating homos but at least we don’t use PCs.
hagar57,
So what are the exact steps to activate Remote Access. I think I can follow your logic but a series of steps would be cool.
I’m disappointed by this article because it doesn’t describe the language used by the trojan to gain a password from the user. What is the name of the program? What kind is it? Does it pretend to be an update to existing software likely on the Mac or is it something that tells you need to install in order to access a web site?
As usual, shoddy journalists can’t ask even the most basic of questions. But, OOOOO! Boogey Uugey! There a new Mac OS X vulnerability! Go buy our “security” software before it’s too late!
Pathetic.
Hey People… There aren’t many viruses “NOW” for XP or Vista either.
Most “attacks” these days are Trojans… and Apple users are more vulnerable to these attacks as they have a false sense of security. Like it or not, a Trojan that disguises itself as a Video codec is a dangerous thing.
Videos are pervasive. How many here have never downloaded a video that they couldn’t watch? How many then went out to D/L a codec?
@ G4Dualie: Hear, hear!
I’ve fixed so many PeeCees that have been crapped out because of dumbasses installing random shit that I wholeheartedly agree. I don’t work on PeeCees anymore because 9 times out of 10, the user installed something that someone (they didn’t even know) emailed them, and I don’t have time to fix stupid. Thing is they will turn around the next day and do the same thing again. I really don’t have time to fix stupid twice.
To everyone who thinks, “But OMGWTFBBQ!!!!1!!!!1! My Grandmother doesn’t know about these things! She’s not stupid, just uninformed!” Get over it. If some random stranger walked up to her on the street and asked for her credit card, she’d be damned sure to say no (I hope). This really *is* the same thing — just like in real life, there are mean people on teh internets. We all need to remember, as suggested in MDN’s take, to act accordingly.
@ ApplePi
You never need to with players like VLC. Where the hell are you getting your codecs from . . . P2P? Even before VLC I only had to venture to the DivX home page.
There’s very little random to install these days imho
Message to Ron:
Sounds like you’re a little stressed.
Go to the beach, lie in the sun, sip a cold beer, reflect upon the good times.
In short — relaaaax!
MDN, why do you not moderate the posts here on your site? Do you know how much credibility you lose by allowing posts like ron has submitted? I can imagine the demographic you’re playing to, something your advertisers are probably oblivious to (maybe they should be alerted that you allow such vitriol to remain on the site, and by someone who is in a demographic that actually has some disposable income).
are so many people really so unaware of history that they are unable to connect the word “trojan” to the historic event and thus figure out that the user has to *let*the*bad*guys*in!
ladies and gentleman, the products of our fine educational system…..
Hay shen, don’t nock it, as a produck of are edgicashunal sistim, I can tell you that are edgicashunal sistim is just fine.
@ the fake Ron
man-pudding … baby batter… sausage smugglers???
I know you are just having fun by tossing a grenade into the lake and see what floats up as a consequence but seriously man…knowing all these different terms for semen should be telling you something about your subconscious desires. Scary.
To the real Ron. I knew it wasn’t you because you are not this funny.
“are so many people really so unaware of history that they are unable to connect the word “trojan” to the historic event”
In that case, it should only be release at night, pay tribute to Athena and attack your family while they sleep.
Or for a modern twist, it could be a simple web animation teasing you to click on a prostitute’s tongue for some free action.
Remember, never look a GIF whore in the mouth.
“be release”
S.B. released.
OMG!!!!
I HAD NO IDEA MAC OS ACTUALLY EXECUTES CODE!!!!???! WTF!!!
hey tt, some code just has to die…..
Is it time we Mac users look here:
http://www.intego.com/virusbarrier/ ?
@ AppleMacMan
You can’t fool me with your links to trojan horse sites
Oh my god how come there is a hack for the Operating Systems that GOD made in Cupertino. I was under the impression that this OS X thing is perfect and can run on 640K for RAM and can compute human DNA molecules with 200 Mhz of CPU.
NOT SO PERFECT AFTER ALL.
We may all enjoy a bit of sausage smuggling, but at least we don’t use PCs.
Ampar: Momma, What’s that scab on your lip?
Ampar’s Mom: Stop looking at me in the mouth!
Afib, that didn’t even make sense. Are you high? (again)
@ DJ
Ixnay on the eerbay! Ron is underage.