New Mac backdoor Trojan horse discovered

 

Pinhead or HellRTS? What’s in a name?

 

Mac malware is making the headlines again – this time in the form of a remote access trojan which has been given the name OSX/HellRTS.D by French security firm Intego.

 

The folks at Intego blogged about the new Mac threat they discovered, which when run on a Mac OS X computer can allow remote hackers to gain access.

 

Users of Sophos Anti-Virus for Mac are protected, as we detect the malware as OSX/Pinhead-B, but presently it looks like this is not considered a serious threat and we have received no reports of infections from customers.

 

It does, however, appear to have been distributed disguised as iPhoto, the photo application which ships on modern Mac computers. This is clearly an attempt to fool victims via a social engineering trick into installingt the malicious code on their computers.

 

As always, be careful about the origin of applications you run on your computer, and keep your protection up-to-date. As many Mac users do not presently run any anti-virus software at all, they could be considered a soft target for more attacks like this in the future.

 

There’s a lot less malicious software for Mac computers than Windows PCs, but the fact that so many Mac owners don’t take security seriously enough might encourage an increasing amount of crime on their platform going forward.

 

By Graham Cluley, Sophos

 

 

Mozilla admits Firefox add-ons contained Trojan code

Mozilla has issued a warning that two add-ons available from AMO (addons.mozilla.org, the Mozilla Add-ons website) were infected by malicious code capable of infecting Windows computers.

 

According to a security notice on AMO’s blog, the Master Filer add-on was infected by the LdPinch password-stealing Trojan, and Sothink Web Video Downloader version 4.0 was infected by a version of the Bifrose backdoor Trojan horse.

 

Judging by the statement on the Mozilla Add-ons blog, a fair few people could have found that their Windows computers were infected:

 

Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010.

Versions of Sothink Web Video Downloader greater than 4.0 are said not to be infected. Furthermore, both Trojans were specifically written for Windows, meaning they could not infect on Mac OS X and Linux installations of Firefox.

This isn’t the first time malware has slipped through Mozilla’s security procedures. In May 2008, users who downloaded Firefox’s Vietnamese language pack were warned that it had contained a malicious script designed to display irritating advertising messages.

 

Mozilla says that in light of the security lapse it has strengthened its systems, scanning all add-ons with additional anti-virus tools.

 

Personally, I would recommend that all computer users remember not to rely on someone else doing the virus scanning for them, and ensure they have anti-malware protection running on their computer.

 

By Graham Cluley, Sophos