Two Trojans For Mac OS X

I Don't Believe in Imaginary Property writes "F-Secure is reporting that there are two new Mac OS X trojans. The first is just a proof-of-concept from the MacShadows people that takes advantage of the unpatched ARDAgent vulnerability to get root access when run by the user. The second relies on social engineering: it's a poker game that requests the user's password, claiming to have detected a 'corrupt preference file.' It then takes control of the computer. Now that the source of the proof-of-concept is publicly available, we can expect that future trojans won't just politely request your password."

Re:Proof of Concept Slashdot Trojan

[clang_jangle]

And where's the comment playing down the seriousness of the first proof-of-concept? The one that uses an unpatched ARDAgent vulnerability?

All I know is (1) it doesn't run on my Mac (or a lot of other people's Macs), I tried it, and (2) the workaround is terribly easy

Some Mac users just can't face that they're not as invincible as Apple marketing wants them to think, and reject any evidence to the contrary.

Maybe. But some Mac haters just can't face that they're far more vulnerable than we are and reject any evidence to the contrary.

Wait a minute...

[rgviza]

OSX and linux are immune to viruses and don't get malware!!!

>plant tongue firmly in cheek /end sarcasm

I hate to say it but I told you so. I cringe every time I see some moron recommending linux or OSX "because they don't get viruses and are immune to malware".

And no, I'm not a windows user (except at work, Gentoo at home).

The reason for the "immunity" is that people simply haven't targeted these os's yet. 0day will get here eventually... just give it time.

-Viz

microsoft

[mapleneckblues]

Waiting for the fanbois to start blaming microsoft.