April 16, 2010 Intego discovered a new variant of a malware for Mac, called HellRTS. When installed on computers running Mac OS X, HellRTS opens a backdoor that allows remote users to take control of infected Macs and perform actions on them.
HellRTS, built in RealBasic, and a Universal Binary able to run on both PowerPC- and Intel-Based Macs, is able to perform a number of operations if installed on a Mac. It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more.
Read the whole press release.
Their solution VirusBarrier X6.
ShareThis
Get your free copy of «iPad Video Converter for Mac» – Other … | The Apple Ipad Blog says:
[...] LinkedIn Mac Users Group | Blog | HellRTS Backdoor Allows Malicious Remote Users to Contro… [...]
May 21, 2010, 4:48 am