Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Intego Security Memo: OSX.Trojan.PokerStealer Trojan Horse

June 2008 by Intego Security Alert

Attempts to Take Control of Macs

Exploit: OSX.Trojan.PokerStealer

Discovered: June 20, 2008

Risk: Low

Description: A Trojan horse has been found in the wild masquerading as program for Mac OS X called “PokerGame”. The Trojan in question is a shell script encapsulated in an application, and is distributed in a 65 KB Zip archive; unzipped, it is 180 KB.

The Trojan horse, when run, activates ssh on the Mac on which it is running, then sends the user name and password hash, along with the IP address of the Mac, to a server. It asks for an administrator’s password after displaying a dialog saying, “A corrupt preference file has been detected and must be repaired.” Entering the administrator’s password enables the program to accomplish its tasks. After gaining ssh access to a Mac, malicious users can attempt to take control of them, delete files, damage the operating system, or much more. Intego VirusBarrier X4 and X5 with virus definitions dated June 20, 2008 protect against this Trojan horse. Intego recommends that users never download and install software from untrusted sources or questionable web sites.

See previous articles


See next articles