Risk
6/25/2008
08:32 AM
50%
50%

Another Security Threat Aimed At Macs Found On The Web

Security vendor Intego said the latest malware masquerading as a program for Mac OS X is called "PokerGame."

Another Trojan targeting the Mac has been found on the Web, as the number of malicious applications increases with the growing popularity of Apple computers.

Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called "PokerGame." The application is a script wrapped in an executable bundle that's distributed by e-mail as a Zip file.

When opened, the "PokerStealer Trojan" asks the victim for his administrator's password. If it's given, the program then opens a secure shell, or SSH, on the Mac to establish communications with a remote server, Intego said. SSH is a network protocol that allows data to be exchanged using a secure channel between two computers.

Once communications between the infected computer and server have been established, the Trojan sends the user name and password, along with the IP address of the Mac. After gaining access to the computer, hackers can attempt to take control of them, delete files, damage the operating system, or perform other tasks.

Intego first reported the Trojan on Friday, a day after security vendor SecureMac reported finding multiple variants of a Trojan also capable of letting a hacker remotely commandeer a Mac.

The malicious code was being distributed from a hacker Web site, where there had been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which gave the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.

A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.