Latest in Ardagent

Image credit:

Watch out for PokerGame trojan

Robert Palmer

In the wake of the ARDAgent vulnerability discovered yesterday, we all have something new to look out for: OSX.Trojan.PokerStealer is the official name of a trojan horse masquerading as a poker game. The trojan is distributed in a 65K .zip archive.

According to security company Intego, running the trojan activates SSH, and transmits the username, password hash, and IP address of the computer to a server. It asks for an administrator's password after displaying a message about a corrupt preference file that needs to be repaired.

The "PokerGame" application is 159,843 bytes, and includes the text "Copyright 2008 Andrew" in the version information (visible in Get Info).

As always, please remember to use extreme caution when running applications downloaded from the Internet, or received via email.

Thanks to Rosaline from Intego for the heads-up.

From around the web

ear iconeye icontext filevr