Watch out for PokerGame trojan
In the wake of the ARDAgent vulnerability discovered yesterday, we all have something new to look out for: OSX.Trojan.PokerStealer is the official name of a trojan horse masquerading as a poker game. The trojan is distributed in a 65K .zip archive.
According to security company Intego, running the trojan activates SSH (Remote Login) and transmits the username, password hash, and IP address of the computer to a remote server. It asks for an administrator's password after displaying a message about a corrupt preference file that needs to be repaired.
The "PokerGame" application is 159,843 bytes, and includes the text "Copyright 2008 Andrew" in the version information (visible in Get Info).
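As an added illustration (not part of the original post or of Intego's advisory), the Python script below turns the indicators quoted above into a local check a Mac admin could run: it walks a directory for .app bundles whose Info.plist version or copyright text contains "Copyright 2008 Andrew" or whose on-disk size totals 159,843 bytes, and on macOS it also reports whether Remote Login (SSH) is switched on via `systemsetup -getremotelogin`. The bundles it scans are constructed in a temporary directory for the demo; it is an assumption that Get Info's version text comes from the `CFBundleGetInfoString` / `NSHumanReadableCopyright` keys and that the 159,843-byte figure refers to the whole bundle rather than just the executable.

```python
import os
import platform
import plistlib
import subprocess
import tempfile
from pathlib import Path

# Indicators quoted in the post (the size is assumed to be the whole bundle).
IOC_COPYRIGHT = "Copyright 2008 Andrew"
IOC_APP_SIZE = 159_843  # bytes

# Info.plist keys that Finder's Get Info is assumed to draw its version/copyright text from.
VERSION_KEYS = ("CFBundleGetInfoString", "NSHumanReadableCopyright", "CFBundleShortVersionString")


def bundle_size(bundle: Path) -> int:
    """Total bytes of every regular file inside an .app bundle."""
    return sum(p.stat().st_size for p in bundle.rglob("*") if p.is_file())


def inspect_bundle(bundle: Path) -> dict:
    """Return which of the two indicators an .app bundle matches."""
    info = bundle / "Contents" / "Info.plist"
    version_text = ""
    if info.is_file():
        try:
            with info.open("rb") as fh:
                plist = plistlib.load(fh)
            version_text = " ".join(str(plist.get(k, "")) for k in VERSION_KEYS)
        except Exception:  # unreadable or non-plist file: treat as no match
            version_text = ""
    size = bundle_size(bundle)
    return {
        "path": str(bundle),
        "copyright_match": IOC_COPYRIGHT in version_text,
        "size_match": size == IOC_APP_SIZE,
        "size": size,
    }


def scan(root: Path) -> list:
    """Walk root for .app bundles; return those matching at least one indicator."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                result = inspect_bundle(Path(dirpath) / d)
                if result["copyright_match"] or result["size_match"]:
                    hits.append(result)
                dirnames.remove(d)  # a bundle's internals are not scanned for nested bundles
    return hits


def remote_login_enabled():
    """On macOS, report whether Remote Login (sshd) is on; None on other platforms."""
    if platform.system() != "Darwin":
        return None
    try:
        out = subprocess.run(["systemsetup", "-getremotelogin"],
                             capture_output=True, text=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    return "On" in out


def make_sample_bundle(root: Path, name: str, copyright_text: str, total_size: int) -> Path:
    """Build a constructed .app bundle (padding instead of a real executable) for the demo."""
    contents = root / name / "Contents"
    (contents / "MacOS").mkdir(parents=True)
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleName": name, "CFBundleGetInfoString": copyright_text}, fh)
    plist_size = (contents / "Info.plist").stat().st_size
    (contents / "MacOS" / "binary").write_bytes(b"\0" * max(0, total_size - plist_size))
    return root / name


def demo() -> list:
    """Scan a constructed directory holding one matching and one benign bundle."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_sample_bundle(root, "PokerGame.app", IOC_COPYRIGHT, IOC_APP_SIZE)
        make_sample_bundle(root, "Solitaire.app", "Copyright 2008 Someone Else", 4096)
        return scan(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
    print("Remote Login enabled:", remote_login_enabled())
```

A size match on its own is weak evidence (any bundle can total 159,843 bytes), so treat the copyright string as the primary indicator and the size as corroboration; for a real scan point `scan()` at `/Applications` and the user's Downloads folder.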
As always, please remember to use extreme caution when running applications downloaded from the Internet, or received via email.
Thanks to Rosaline from Intego for the heads-up.
And wouldn't Little Snitch stop this from connecting to the server, rendering it completely useless?
June 22 2008 at 8:06 AM

So is this a sign that Apple's market share in the PC world is gaining immensely where stuff like this pop up? Is it time to find an anti-virus software for the Mac (if one even exist)? Or is this a non-story?
June 21 2008 at 7:46 PM

This is good for post-mortems. For software you don't trust.
http://rixstep.com/4/0/tracker/
As for finding the server this trojan sends to: it's probably embedded in the binary. If anybody has the package they can look and post the location of the server. A US ISP would probably shut them down right away.
I've often wondered why people don't just find the server (or authors) and hack it, infecting it with other viruses or mess up the server itself. Is there anyone willing to take their disgust with people who create viruses/trojans and attack their server? After all, I doubt the feds would be too upset over someone taking down a site that is doing malicious things. It's just been a query with me. Or is my idea too much Hollywood?
June 20 2008 at 9:04 PM

It's too 'vigil ante'. Old west law. Prairie justice. And maybe too bad too - I think there are a lot more good guys out here than bad guys. BUT, what about the innocents? Little servers that have been hacked and are being used by the bad guys, but are actually the server for some innocent business or even charity? If the good guys take 'em down, do they have the responsibility for settin' 'em back up? I think that's where the line is drawn...
June 21 2008 at 12:04 AM

Nice of them to post the server it uses so we can all black list it.
June 20 2008 at 7:44 PM

I'll send an email to Steve so he can call up god and get this taken care of. : )
June 20 2008 at 5:56 PM

Why don't they just find what server it is submitting the info to, then shut that ass down???
June 20 2008 at 4:19 PM

So, you still need to enter your password before it will do anything? Also, does it work in non-Admin accounts?
June 20 2008 at 4:17 PM

I think you mixed up the tags and read links. :)
June 20 2008 at 4:10 PM

Thanks for that -- should be fixed now. :)
June 20 2008 at 4:19 PM