Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Intego Security Memo: HellRTS Backdoor Can Allow Malicious Remote Users to Control Macs

April 2010 by Intego Security Alert

Malware: OSX/HellRTS.D

Discovered: April 14, 2010

Risk: Low

Description: Intego has discovered a new variant of a malware for Mac, called
HellRTS, which, when installed on computers running Mac OS X, opens a backdoor
that allows remote users to take control of infected Macs and perform actions on them.
Intego identifies this backdoor as OSX/HellRTS.D, a variant of an early Mac OS X
malware first spotted in 2004.

HellRTS, built in RealBasic, and a Universal Binary able to run on both PowerPC- and
Intel-Based Macs, is able to perform a number of operations if installed on a Mac. It
sets up its own server and configures a server port and password. It duplicates itself,
using the names of different applications, adding the new version to a user’s login
items, to ensure that it starts up at login. (These different names can make it hard to
detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its
own mail server, contact a remote server, and provide direct access to an infected Mac.
It can also perform a number of operations such as providing remote screen-sharing
access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and
much more.

This backdoor requires installation on a Mac, which could be carried out via a Trojan
horse, or by exploiting a vulnerability in a program that accesses the Internet (such as a
web browser). While Intego has not found any instances of Macs being infected by this
in the wild, the fact that this malware is being distributed on a number of forums shows
that it will be accessible to a large number of malicious users who may attempt to use it
to attack Macs.

Means of protection: Intego VirusBarrier X6 detects and eradicates this malware,
which it identifies it as OSX/HellRTS.D, with its threat filters dated April 15, 2010 or
later.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts