updated 01:15 pm EDT, Fri April 16, 2010
Malware can set up its own server on infected Mac
Intego has sent out an alert to a new form of Mac malware called HellRTS. It is a low risk backdoor code allowing remote users to take control of a computer. The RealBasic-built, universal code can set up its own server on an infected Mac, configure a server port and password. It duplicates itself, using the names of Mac applications, adding the new applications to a user's login items, ensuring that it starts up at login. It sends e-mail via its own mail server, contacting a remote server to give access to an infected Mac.
It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac's clipboard, and much more.
The malware requires installation on a Mac via a Trojan horse, or through a web browser. Intego has not found any Macs being infected in the wild, but it will be accessible to a large number of users who may attempt to use it to attack Macs at some point.