updated 10:30 am EST, Mon February 28, 2011
Allows for phishing, shell commands
A new backdoor Trojan is targeting Mac users, says security firm Sophos. The attack is delivered via a client called BlackHole RAT, which in turn is based on Windows software known as darkComet. RAT is described as "very basic," and effectively a beta, as even its creator admits that it's unfinished. It can nevertheless do some serious damage, as it allows an attacker to run shell commands or pop up a fake "Administrator Password" window to phish a person's account data.
Other options include dropping text files on a desktop, or sending URLs that open a website. A targeted Mac can be made to sleep, shut down or reboot; in that regard, a fullscreen window can be triggered which only offers the option of rebooting. "I am a Trojan Horse, so i have infected your Mac Computer," the window reads by default. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. So, Im a very new Virus, under Development, so there will be much more functions when im finished."
The Trojan can end up on a Mac in several ways. While downloading pirated software is one, it can also be delivered via vulnerabilities in browsers, plugins and other programs. Some existing antivirus utilities, such as Sophos', should be able to scrub the malware.