BlackHole RAT

A new Trojan horse called BlackHole RAT has recently surfaced as a backdoor Trojan for OS X. This malware lets an attacker connect to a system using a client application and perform tasks on the computer such as shutting it down, restarting it, creating files on the desktop, opening URLs in a Web client, requesting administrative passwords, and messaging the current user. Some of these actions are harmless, if annoying. Others may be distressing and disturbing.


Any Trojan horse program pretends to be something that it is not, which fools the user into installing a program or application in the belief that it is a legitimate and safe package. However, instead of being a standalone program that alters configurations (like the DNSChanger Trojan) or sends data to remote systems (like a botnet hack), this Trojan is worse because it installs a program on your system that acts like a server. This program allows a hacker to connect to and administer the user's system with a small remote client program (appropriately called a remote administration tool, or RAT). It works by having the hacker enter your IP address into the client program; he then connects to the malware service installed on your system and can send remote commands to it using the RAT.


Prank or not

This is not a unique program. In fact, it is similar to the NetBus and Sub7 RATs for Windows. Security personnel can characterize this application more as a prank than anything else. Still, it does pose a security risk if installed, because users can be tricked into supplying their administrative passwords to the hacker, among other things.

One of BlackHole RAT’s functions pops open a full-screen dialog with only a ‘reboot’ button and the following message:

“I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can’t be infected, but look, you ARE Infected!

I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.”

Is this a high risk?


Does this change the nature of OS X security? Given the measures required to install and enable this threat, it may only be a low risk. While there is always concern that OS X’s security features can be circumvented, resulting in malware being installed automatically, so far this malware, as with most other Trojans, requires you to manually run an installer to load a separate standalone program. The supplied OS features and services are not touched, and their security measures are left intact. So a careful user who suspects that something is not right will not touch this program.

 

Source: DownloadSquad