OSX.Trojan.PokerStealer Trojan Horse
Attempts to Take Control of Macs
Exploit: OSX.Trojan.PokerStealer
Discovered: June 20, 2008
Risk: Low
Description: A Trojan horse has been found in the wild masquerading as
program for Mac OS X called “PokerGame”. The Trojan in question is a shell
script encapsulated in an application, and is distributed in a 65 KB Zip
archive; unzipped, it is 180 KB.
The Trojan horse, when run, activates ssh on the Mac on which it is
running, then sends the user name and password hash, along with the IP
address of the Mac, to a server. It asks for an administrator’s password
after displaying a dialog saying, “A corrupt preference file has been
detected and must be repaired.” Entering the administrator’s password
enables the program to accomplish its tasks. After gaining ssh access to a
Mac, malicious users can attempt to take control of them, delete files,
damage the operating system, or much more.
Intego VirusBarrier X4 and X5 with virus definitions dated June 20, 2008
protect against this Trojan horse. Intego recommends that users never
download and install software from untrusted sources or questionable web
sites.
http://www.intego.com