June 20 - 8:40am EDT   Multiple variants of a new 'Trojan Horse', designed to allow a malicious user complete remote access to a Mac OS X system have been discovered in the wild earlier this week according to makers of Mac anti-spyware and anti-virus solutions SecureMac. Dubbed 'Applescript.THT Trojan' and disguised as an application bundle called 'AStht_v06' (3.1MB in size), the malware seemingly originated, and is distributed via a 'hacker' website, as well as Limewire and iChat. Post system infiltration, the malicious script can reportedly "log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing". A 'copy cat' program based on the ... [full story]

January 9 - 12:10am EST   The iPhone recently fell victim to its first Trojan attack, which came in the form of a malicious file named “113 prep”. While installation of the phony application is relatively benign – the app merely says “shoes” when activated – uninstalling the file causes damage to or deletes system-critical files in the /bin directory on the iPhone. In addition to harming the devices own software, third party utilities are also being rendered useless through the same means. This attack was orchestrated by an 11-year-old, and has some modmyifone.com forum members laughing to ease the pressure using references to the 1995 film Hackers, due to the similarity of circumstances. [full story]

January 3 - 6:45pm EST   SecureMac has announced a free Trojan Detection Tool dubbed DNSChanger Removal Tool. DNSChanger Removal Tool detects and removes latest spyware targeting Mac OS X: DNSChanger Trojan (also known as OSX.RSPlug.A Trojan Horse). This trojan attacks users attempting to play a fake video file. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. ... [full story]

November 29 - 4:45pm EST   Networking security hardware manufacturer SonicWALL recently announced that it has distributed defensive measures to users of it's Unified Threat Management technology, against zero-day vulnerability exploits found in QuickTime. Malicious websites are able to create a stack-based buffer overflow in Apple's media player, by providing a phony movie file that, when activated, executes a series of code that allows a users machine to be taken over. SonicWALL says that the problem lies within the "Content-Type" header field that is sent from the server, which is not properly verified by the client's QuickTime. Once the "Content-Type" field reaches a certain length, a Buffer ... [full story]