Saturday, August 2, 2008

The AppleScript.THT Trojan Horse ***NOW INERT***

Malware #2 for Mac OS X has been discovered in the wild:
The AppleScript.THT Trojan Horse.

Good news:
This is just a Trojan Horse. It has to be installed by the user. Otherwise it is inert, meaning that it does not qualify as a virus. The continued non-existence of self-replicating malware for Mac OS X is a great relief and big kudos for Mac security.

Bad news:
(besides me missing the discovery of this one by 6 weeks):
There are multiple variants of this malware in the wild. It can take over an Apple Remote Desktop system and do essentially anything to Macs it can successfully access. What exactly that means depends upon how someone has ARD set up on their machine.

Read all about it:

ComputerWorld
SecureMac

~~~~ New News ~~~~

Apple's Security Update 2008-005 made this Trojan inert. IT'S DEAD.

Therefore, I consider it deleted from the malware threat list for Mac OS X. That leaves only Trojan OSX.RSPlug.A and its variants (including Trojan OSX.RSPlug.D) as the ONE (1) Mac malware threat. But read on to the next article as a new #2 has hit the town. It's called Trojan OSX.Lamzev.A.