Sophos warns Apple Mac users not to be complacent about security as new Trojan horse surfaces

June 23, 2008 Sophos Press Release

Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centers, have issued a warning advising Apple Mac users to ensure they are taking sufficient precautions to safeguard their computers, as a new Trojan horse for the Mac OS X platform is discovered.

TheOSX/Hovdy-A Trojan horse is capable of infecting Mac OS X computers, in an attempt to steal passwords, open firewall to give access to hackers, and disable security settings.

"It's true that Mac OS X computers are far less commonly targeted than Windows PCs by hackers and malware authors, but that doesn't mean that Apple lovers can rest on their laurels and disregard common sense when it comes to securing their computers," said Carole Theriault, senior security consultant at Sophos. "In the last twelve months, we have seen growing evidence that cybercriminals are looking increasingly for opportunities to hack into Mac computers for financial gain. Although the problem is much smaller than on Windows, Mac users would still be wise to ensure that they run an anti-virus, keep up-to-date with security patches, and to exercise care as to which programs they choose to install on their computers."

The Hovdy-A Trojan horse takes advantage of a recently publicised vulnerability in Apple's Mac OS X operating system, affecting its Apple Remote Desktop Agent (ARDAgent), to gain root access. Once a computer has been exploited, the hacker can gain complete control of the compromised Macintosh - covering its tracks by disabling system logging.

"Like many Windows attacks, this Mac Trojan horse relies on the user giving it permission to install itself. Using social engineering techniques, the Trojan horse could be disguised as a game, a video codec, or a handy new utility. Sadly, many Mac users are just as willing as their Windows-based cousins to install a program without careful thought as to safety," continued Theriault. "We are not witnessing a large scale attack by this Trojan, but it is worrying to see yet more hackers turning their malevolent gaze to the Mac platform."